CVE-2026-31228
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.
References (5)
Source: cve@mitre.org
Source: cve@mitre.org
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Timeline
No history available yet.