CVE-2026-31229

🟠 Łataj w tym tygodniu

Niebezpieczna deserializacja w Adversarial Robustness Toolbox umożliwia zdalne wykonanie kodu.

CVSS

9.8

EPSS

0.4%

Exploit

none

Vendor

Opis źródłowy (NVD)

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from a file (e.g., model.pt) during robustness evaluation, the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module. An attacker can exploit this by uploading a maliciously crafted model file to an object storage location referenced by the pipeline, or by controlling the model_id parameter to point to such a file. When the pipeline loads the model, the malicious payload is executed, leading to remote code execution.

deserialization rce Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	9.8
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	0.4%
Opublikowano (NVD)	2026-05-12 18:16:51 UTC
Ostatnia modyfikacja (NVD)	2026-05-13 16:16:38 UTC

Referencje

https://github.com/Trusted-AI/adversarial-robustness-toolbox (cve@mitre.org)
https://www.notion.so/CVE-2026-31229-35d1e13931888172863dcc20beeb6b70 (cve@mitre.org)