← voltar
CVE-2026-38950

CVE-2026-38950

CVSS 7.8 HIGHEPSS 0.1%CWE-502
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.mdhttps://github.com/esa/AnomalyMatch/pull/9https://imlabs.info/research/security_advisory_esa_anomaly_match_unsafe_deserialization_cve_2026_38950_ivan_markovic_052026.html