{"data":{"id":"8017f37f-cbb0-43e8-96ac-c3d3c9bc575c","title":"CVE-2026-31230: The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component","summary":"The Adversarial Robustness Toolbox (ART) up to version 1.20.1 has a vulnerability in its Kubeflow component, which unsafely passes command-line arguments such as --clip_values and --input_shape to eval() (a function that runs text as if it were code). An attacker who can control those arguments can inject Python code that executes when eval() processes them, potentially giving the attacker full control over the system running ART.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31230","publishedAt":"2026-05-12T18:16:51.277Z","cveId":"CVE-2026-31230","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Adversarial Robustness Toolbox (ART)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T18:16:51.277Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}