{"data":{"id":"df5fa3eb-7b24-4267-aefd-3cfcc6307fd6","title":"CVE-2026-31228: The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component","summary":"The Adversarial Robustness Toolbox (ART) version 1.20.1 and earlier has a remote code execution (RCE) vulnerability in its Kubeflow component; RCE means an attacker can run commands on a system they do not control. The vulnerability exists because the robustness evaluation function passes user input to eval() (a function that executes text as Python code) without validating it, so Python code submitted by an attacker runs on the system when the evaluation function processes it.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31228","publishedAt":"2026-05-12T16:16:14.633Z","cveId":"CVE-2026-31228","cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["IBM Adversarial Robustness Toolbox (ART)","Kubeflow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-12T16:16:14.633Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}