Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model state dictionary from a state_dict.pt file via torch.load(), the function does not enable the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects through the Pickle module. A remote attacker can exploit this by providing a maliciously crafted state_dict.pt file within a directory specified via the --model argument, leading to arbitrary code execution during the deserialization process on the victim's system.
AnalysisAI
Remote code execution in Optimate's neural_magic_training.py script allows authenticated attackers to execute arbitrary code via malicious PyTorch model files. The vulnerability stems from unsafe deserialization when loading model state dictionaries without PyTorch's weights_only=True security flag, enabling pickle-based arbitrary object execution. With an EPSS score of 0.06% and no confirmed exploitation, this represents a moderate risk primarily in environments where users can upload or specify model files.
Technical ContextAI
The vulnerability exists in Optimate, a neural network optimization tool, specifically in the _load_model() function that processes PyTorch model files. PyTorch's torch.load() function uses Python's pickle serialization by default, which can deserialize arbitrary Python objects including those that execute code upon instantiation. The CWE-502 classification indicates this is a classic insecure deserialization vulnerability where untrusted data is processed without proper validation or sandboxing.
RemediationAI
No vendor-released patch identified at time of analysis. The primary mitigation is to modify the torch.load() call in _load_model() to include weights_only=True parameter, which restricts deserialization to tensor data only. As an immediate workaround, restrict access to the --model argument to trusted users only and validate that model directories come from trusted sources. Consider implementing input validation to ensure state_dict.pt files originate from known-good locations. Advisory details available at https://www.notion.so/CVE-2026-31218-35d1e139318881839bc8cf6007be2c76.
Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t
BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser
pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph
pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne
Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301
Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing
Same weakness CWE-502 – Deserialization of Untrusted Data
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29502
GHSA-q2mf-qjjq-ghcc