CVE-2026-4500

MEDIUM 6.3

bagofwords1 bagofwords code_execution.py generate_df injection

CVSS Score

6.3

EPSS Score

0.1%

EPSS Percentile

18th

A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to injection. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 0.0.298 will fix this issue. The name of the patch is 47b20bcda31264635faff7f6b1c8095abe1861c6. It is recommended to upgrade the affected component.

CWE	CWE-74 CWE-707
Vendor	bagofwords1
Product	bagofwords
Published	Mar 20, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for bagofwords1 bagofwords

Be the first to know when new medium vulnerabilities affecting bagofwords1 bagofwords are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

bagofwords1 / bagofwords

0.0.297

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.352065 vuldb.com: https://vuldb.com/?ctiid.352065 vuldb.com: https://vuldb.com/?submit.773890 github.com: https://github.com/bagofwords1/bagofwords/issues/60 github.com: https://github.com/bagofwords1/bagofwords/pull/63 github.com: https://github.com/Ka7arotto/cve/blob/main/bagofwords-rce.md github.com: https://github.com/bagofwords1/bagofwords/commit/47b20bcda31264635faff7f6b1c8095abe1861c6 github.com: https://github.com/bagofwords1/bagofwords/releases/tag/v0.0.298 github.com: https://github.com/bagofwords1/bagofwords/

Credits

🔍 Goku (VulDB User)