CVE-2026-31229: n/a
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from a file (e.g., model.pt) during robustness evaluation, the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module. An attacker can exploit this by uploading a maliciously crafted model file to an object storage location referenced by the pipeline, or by controlling the model_id parameter to point to such a file. When the pipeline loads the model, the malicious payload is executed, leading to remote code execution.
AI Analysis
Technical Summary
CVE-2026-31229 describes an insecure deserialization vulnerability (CWE-502) in the Adversarial Robustness Toolbox (ART) Kubeflow component. The vulnerability occurs during model weight loading via torch.load(), which does not use the weights_only=True parameter to restrict deserialization. This allows an attacker who can influence the model file source or model_id parameter to execute arbitrary code remotely by providing a maliciously crafted model file. The vulnerability affects ART versions up to 1.20.1. There is no CVSS score or vendor advisory indicating patch availability or mitigation.
Potential Impact
Successful exploitation results in remote code execution on the system loading the malicious model file. This can lead to full compromise of the affected environment running the ART Kubeflow pipeline. The vulnerability requires the attacker to have the ability to upload or reference a malicious model file, which may limit the attack surface depending on deployment configurations. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to model file upload locations and validate or sandbox model files before loading. Avoid using untrusted model files in the ART Kubeflow pipeline. Monitor vendor channels for updates regarding a security patch or recommended mitigations.
CVE-2026-31229: n/a
Description
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its Kubeflow component's model loading functionality. When loading model weights from a file (e.g., model.pt) during robustness evaluation, the code uses torch.load() without the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module. An attacker can exploit this by uploading a maliciously crafted model file to an object storage location referenced by the pipeline, or by controlling the model_id parameter to point to such a file. When the pipeline loads the model, the malicious payload is executed, leading to remote code execution.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-31229 describes an insecure deserialization vulnerability (CWE-502) in the Adversarial Robustness Toolbox (ART) Kubeflow component. The vulnerability occurs during model weight loading via torch.load(), which does not use the weights_only=True parameter to restrict deserialization. This allows an attacker who can influence the model file source or model_id parameter to execute arbitrary code remotely by providing a maliciously crafted model file. The vulnerability affects ART versions up to 1.20.1. There is no CVSS score or vendor advisory indicating patch availability or mitigation.
Potential Impact
Successful exploitation results in remote code execution on the system loading the malicious model file. This can lead to full compromise of the affected environment running the ART Kubeflow pipeline. The vulnerability requires the attacker to have the ability to upload or reference a malicious model file, which may limit the attack surface depending on deployment configurations. No known active exploitation has been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to model file upload locations and validate or sandbox model files before loading. Avoid using untrusted model files in the ART Kubeflow pipeline. Monitor vendor channels for updates regarding a security patch or recommended mitigations.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-03-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a03652ecbff5d861008c15e
Added to database: 5/12/2026, 5:36:46 PM
Last enriched: 5/12/2026, 8:08:40 PM
Last updated: 5/13/2026, 4:59:18 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.