CVE-2026-7301: PyGraphDB /api/render unauthenticated RCE
TL;DR - Critical unauthenticated RCE in PyGraphDB
/api/render. - Affects versions before 2.4.7; upgrade to 2.4.7. - No CISA-confirmed exploitation yet, but exposure is urgent.
| Field | Value |
|---|---|
| CVE ID | CVE-2026-7301 |
| CVSS score | 9.8 Critical |
| Attack vector | Network (/api/render) |
| Auth required | No |
| Patch status | Fixed in PyGraphDB 2.4.7 |
Exploitation status and what is known publicly
At the time of writing, CVE-2026-7301 is not listed in CISA KEV. That means there is no CISA-confirmed evidence of active exploitation in the wild from the KEV catalog for this CVE. This is useful context, but it should not be read as a safety signal. KEV is a lagging indicator relative to initial discovery and attacker testing.
As for public exploit availability, the CVE references include a GitHub Security Advisory, a fix commit, and a related GitHub issue. However, from the retrieved source material available here, I could not verify a public proof-of-concept exploit. So the most defensible status is: exploitation in the wild is not confirmed, and a public PoC is not confirmed from retrieved sources. In the absence of verified exploit data, defenders should still assume the flaw is highly attractive to attackers because the attack path is unauthenticated and remote.
What happened and why this matters
CVE-2026-7301 is a critical remote code execution vulnerability in PyGraphDB. According to the NVD description, the flaw exists because the /api/render endpoint accepts user-supplied DOT templates and passes them to Graphviz without proper sandboxing or input validation. That combination creates a path for an unauthenticated remote attacker to trigger command execution on the underlying host.
For defenders, the significance is straightforward: this is internet-reachable, requires no credentials, and does not depend on user interaction. In operational terms, that means a vulnerable PyGraphDB deployment exposed to untrusted networks should be treated as high risk even before there is proof of mass exploitation. If your application stack includes PyGraphDB for graph rendering, reporting, or visualization workflows, the /api/render path should be assumed sensitive until patched.
Affected versions and fixed version
The affected product is PyGraphDB, and the authoritative version information available from the NVD states that all versions before 2.4.7 are vulnerable. That means 2.4.6 and earlier should be treated as affected. The first stated fixed version is 2.4.7.
The available research data does not provide a more granular lower bound, branch split, or package-manager-specific advisory text. In the absence of that detail, defenders should assume any deployed PyGraphDB instance reporting a version lower than 2.4.7 is in scope. If you cannot reliably inventory exact versions, treat unknown-version internet-facing instances as vulnerable until verified otherwise.
Risk assessment for practitioners
The CVSS v3.1 base score is 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. That vector aligns with what defenders care about most: network exploitation, no authentication, low complexity, and high impact across confidentiality, integrity, and availability.
In practical terms, successful exploitation could allow an attacker to execute arbitrary commands on the host running PyGraphDB. From there, expected follow-on risk includes application takeover, credential theft from environment variables or config files, lateral movement using local trust relationships, tampering with stored graph data, and service disruption. Even if the vulnerable service sits behind a reverse proxy or internal load balancer, this should still be triaged urgently if it is reachable from shared internal networks, partner networks, or developer-accessible environments.
What defenders should do first
Start with exposure reduction. Identify every PyGraphDB deployment, confirm version numbers, and determine whether /api/render is reachable from the internet or from broad internal segments. If any exposed instance is running before 2.4.7, prioritize it for emergency change handling. Systems embedded in customer-facing apps, analytics platforms, or internal developer tools should be handled first because they are easiest for attackers to probe.
At the same time, review your logging and reverse proxy data for requests to /api/render, especially POST traffic carrying unusually large or malformed DOT content. Because the root cause involves unsafe processing of user-controlled templates, even reconnaissance may show up as odd render requests, repeated failures, or request bodies containing shell metacharacters or suspicious Graphviz constructs. If you cannot patch immediately, reduce exposure by blocking or restricting the endpoint while you prepare the upgrade.
Technical deep dive
The underlying issue, as described by NVD, is unsafe handling of user-supplied DOT templates passed into Graphviz. DOT is a graph description language, and many applications treat it as data rather than code. That assumption becomes dangerous if rendering is delegated to external tooling without strict controls. If the application allows attacker-influenced content to reach a renderer invocation path without proper sandboxing or validation, command execution on the host becomes possible.
What matters for practitioners is less the exact parser edge case and more the trust boundary failure. The vulnerable boundary is the /api/render endpoint. User-controlled input crosses into a rendering component with insufficient isolation. In secure designs, this type of processing should be strongly constrained: minimal accepted syntax, no dangerous external invocation paths, and execution inside a sandbox with no meaningful filesystem, shell, or network access. Based on the available source-backed data, PyGraphDB versions before 2.4.7 do not sufficiently enforce that boundary.
Technical Notes
Relevant source-backed vulnerability description:
PyGraphDB before 2.4.7 allows unauthenticated remote code execution via the /api/render endpoint because user-supplied DOT templates are passed to graphviz without proper sandboxing or input validation. An attacker can craft a malicious template that triggers command execution on the underlying host.
Reference URLs for deeper maintainer context:
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7301
GHSA: https://github.com/pygraphdb/pygraphdb/security/advisories/GHSA-7m9q-4v2w-c8fj
Fix commit: https://github.com/pygraphdb/pygraphdb/commit/4d7b9f3b7c2df6aa7e35c9f5f7f87b9a8f3d2e10
Issue: https://github.com/pygraphdb/pygraphdb/issues/1187
Bottom line
CVE-2026-7301 is a critical unauthenticated RCE in PyGraphDB’s /api/render endpoint affecting all versions before 2.4.7 and fixed in 2.4.7. There is currently no CISA KEV confirmation of in-the-wild exploitation, and a public PoC was not verified from the retrieved sources, but neither fact reduces the urgency of remediation.
If you run PyGraphDB anywhere reachable by untrusted users or broad internal audiences, upgrade now, restrict access to /api/render until patched, and review web and host telemetry for suspicious render requests and abnormal child process execution.
For more information on related vulnerabilities, check out our articles on what is dependency confusion and how to review privilege escalation incidents.
This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.
Detection and investigation guidance
Detection here is partly application-aware and partly behavioral. At the HTTP layer, look for unexpected traffic to /api/render, especially from unfamiliar IPs, repeated POST requests, and bodies containing DOT syntax mixed with shell-like content. You should also review host telemetry around the PyGraphDB service account for child process execution tied to Graphviz or shell interpreters.
If your environment lacks detailed application logs, pivot from network and process telemetry. A critical clue would be PyGraphDB or the app server spawning unexpected subprocesses shortly after requests to /api/render. Also check for follow-on signs of compromise such as new outbound connections, dropped scripts in temporary directories, or execution of utilities that your rendering workflow should never call.
Technical Notes
A simple reverse-proxy or web log filter can help surface suspicious requests:
# Nginx/Apache-style access log hunt for render endpoint usage
grep -E '"/api/render|POST /api/render|GET /api/render' /var/log/nginx/access.log /var/log/httpd/*access* 2>/dev/null
Example suspicious patterns to flag in request logs or WAF telemetry:
POST /api/render HTTP/1.1
User-Agent: curl/8.0
Content-Type: application/json
{"template":"digraph G { a -> b; ... }"}
Indicators worth investigating:
- Repeated POST requests to /api/render from the same IP
- Large DOT template payloads
- Request bodies containing shell metacharacters such as ; | ` $(
- Requests immediately followed by abnormal child process execution on the host
Example Splunk query for web logs:
index=web_logs (uri_path="/api/render" OR cs_uri_stem="/api/render")
| stats count min(_time) as first_seen max(_time) as last_seen values(src_ip) as src_ip values(http_method) as methods by host, status
| sort - count
Example EDR/process hunt on Linux hosts:
# Review child processes of the app server or gunicorn/uwsgi processes
ps -ef --forest | egrep 'pygraphdb|gunicorn|uwsgi|graphviz|dot|sh|bash'
Mitigation and patching
The primary mitigation is to upgrade PyGraphDB to version 2.4.7 or later. Since the NVD explicitly says the vulnerability affects versions before 2.4.7, the safest defensible recommendation is to move directly to 2.4.7 or a newer maintained release. Validate the installed package version after the change rather than assuming the deployment pipeline updated all nodes consistently.
If an immediate upgrade is not possible, apply compensating controls around /api/render. Restrict the endpoint to trusted source IPs, require authentication at the reverse proxy if your workflow allows it, and consider disabling the render feature entirely until the patch is in place. Because the root cause involves inadequate sandboxing and validation of user-controlled DOT templates, do not rely on ad hoc regex filtering alone as a complete fix. Treat endpoint restriction as temporary risk reduction, not remediation.
Technical Notes
If PyGraphDB was installed via pip, the practical upgrade flow is:
# Upgrade the package
python3 -m pip install --upgrade "pygraphdb>=2.4.7"
# Verify the installed version
python3 -m pip show pygraphdb | grep -i '^Version:'
If the application runs in a virtual environment:
source /opt/pygraphdb/.venv/bin/activate
pip install --upgrade "pygraphdb>=2.4.7"
pip show pygraphdb | grep -i '^Version:'
systemctl restart pygraphdb
If you need a temporary reverse-proxy block for the vulnerable path:
location = /api/render {
deny all;
return 403;
}
Or restrict to a trusted admin subnet while you patch:
location = /api/render {
allow 10.0.0.0/8;
deny all;
proxy_pass http://pygraphdb_backend;
}
References
The primary authoritative source for this article is the NVD record for CVE-2026-7301, which provides the vulnerability description, affected-version boundary, and CVSS score. The CVE references also include a GitHub Security Advisory, a fix commit, and a related issue, all of which are useful for defenders validating patch provenance and tracking maintainer discussion.
Because the retrieved GitHub content available in this workflow was truncated HTML rather than full advisory text, I have intentionally not claimed patch internals, exploit details, or branch-specific version information beyond what is directly supported by the NVD summary and listed references. Where data is unknown, the safer defensive assumption is to treat all PyGraphDB versions before 2.4.7 as vulnerable and prioritize patching accordingly.
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-7301
- GitHub Security Advisory: https://github.com/pygraphdb/pygraphdb/security/advisories/GHSA-7m9q-4v2w-c8fj
- Fix commit: https://github.com/pygraphdb/pygraphdb/commit/4d7b9f3b7c2df6aa7e35c9f5f7f87b9a8f3d2e10
- Related issue: https://github.com/pygraphdb/pygraphdb/issues/1187