Malicious code in guardrails-ai 0.10.1 (supply chain compromise) — CVE-2026-45758
GitHub · GitHub · CVE-2026-45758
ID
CVE-2026-45758
CVE-2026-45758
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
critical
critical
CVSS
9.6
9.6
EPSS
0.00038
0.00038
Summary
### Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. **Affected:** any user who installed `guardrails-ai==0.10.1` from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours of publication, and PyPI quarantined the repository. Based on our telemetry, we have observed no requests…
Product
pip: guardrails-ai
What to do
General, cautious steps (verify details in the official source):
- Prioritize patching or mitigation immediately (treat as actively risky).
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.