{"data":{"id":"78361bda-9cc4-4c9c-8c7f-b131f2d134fc","title":"CVE-2026-31253: The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an ins","summary":"The flash-attention training framework has a vulnerability in how it loads saved model checkpoints (snapshots of a model's learned weights). An attacker can hide malicious code inside a checkpoint file, and when someone loads that file using the `load_checkpoint()` function, the code runs automatically on their computer without permission.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31253","publishedAt":"2026-05-11T17:16:20.307Z","cveId":"CVE-2026-31253","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["model_theft","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["flash-attention"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-11T17:16:20.307Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"training_data","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}