CVE-2026-47117: Improper Control of Generation of Code ('Code Injection') in maziyarpanahi openmed
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path that loads Hugging Face models with trust_remote_code=True. An unauthenticated attacker can supply a malicious model repository containing custom Transformers code via auto_map in config.json or tokenizer_config.json, which is imported and executed with the privileges of the OpenMed service process.
AI Analysis
Technical Summary
CVE-2026-47117 is a critical remote code execution vulnerability in the OpenMed software prior to version 1.5.2. The issue is in the PII privacy-filter model loading path where the dispatcher uses broad substring matching on the user-supplied model_name parameter. This allows an attacker to craft a model_name that routes to loading Hugging Face models with the trust_remote_code flag set to true. By supplying a malicious model repository containing custom Transformers code via auto_map in config.json or tokenizer_config.json, an unauthenticated attacker can execute arbitrary code with the privileges of the OpenMed service process. The vulnerability has a CVSS 4.0 score of 9.3, reflecting network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
An unauthenticated remote attacker can achieve remote code execution on the system running OpenMed by exploiting this vulnerability. This allows execution of arbitrary code with the privileges of the OpenMed service process, potentially leading to full system compromise, data theft, or service disruption. The vulnerability affects confidentiality, integrity, and availability with high severity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects versions before 1.5.2, upgrading to version 1.5.2 or later may address the issue if confirmed by the vendor. Until an official fix is available, restrict access to the OpenMed service and validate or sanitize user-supplied model_name parameters to prevent malicious input. Monitor vendor channels for updates.
CVE-2026-47117: Improper Control of Generation of Code ('Code Injection') in maziyarpanahi openmed
Description
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path that loads Hugging Face models with trust_remote_code=True. An unauthenticated attacker can supply a malicious model repository containing custom Transformers code via auto_map in config.json or tokenizer_config.json, which is imported and executed with the privileges of the OpenMed service process.
CVSS v4.0
Score 9.3critical
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-47117 is a critical remote code execution vulnerability in the OpenMed software prior to version 1.5.2. The issue is in the PII privacy-filter model loading path where the dispatcher uses broad substring matching on the user-supplied model_name parameter. This allows an attacker to craft a model_name that routes to loading Hugging Face models with the trust_remote_code flag set to true. By supplying a malicious model repository containing custom Transformers code via auto_map in config.json or tokenizer_config.json, an unauthenticated attacker can execute arbitrary code with the privileges of the OpenMed service process. The vulnerability has a CVSS 4.0 score of 9.3, reflecting network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
An unauthenticated remote attacker can achieve remote code execution on the system running OpenMed by exploiting this vulnerability. This allows execution of arbitrary code with the privileges of the OpenMed service process, potentially leading to full system compromise, data theft, or service disruption. The vulnerability affects confidentiality, integrity, and availability with high severity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects versions before 1.5.2, upgrading to version 1.5.2 or later may address the issue if confirmed by the vendor. Until an official fix is available, restrict access to the OpenMed service and validate or sanitize user-supplied model_name parameters to prevent malicious input. Monitor vendor channels for updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-05-18T19:22:26.749Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1efb6ae29bf47b50db3b50
Added to database: 6/2/2026, 3:48:58 PM
Last enriched: 6/2/2026, 4:03:36 PM
Last updated: 6/3/2026, 5:09:43 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.