CVE-2024-49375: Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the
Summary
A vulnerability in Rasa (an open source machine learning framework for conversational assistants) allows an attacker who can load a model into a running Rasa instance to achieve remote code execution (RCE): a maliciously crafted model runs attacker-controlled code on the server when it is loaded. The issue is only reachable when the HTTP API is explicitly enabled (it is off by default) and that API either requires no authentication or grants model-loading access to untrusted users. Deployments that keep the API disabled, or that enable it only behind properly configured authentication for trusted users, are not affected.
Solution / Mitigation
Upgrade to Rasa version 3.6.21 or later. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access.
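The two conditions above (API enabled, authentication missing) are both visible in how the server is launched, so they can be audited before touching a live system. The following script is an added example, not Rasa's own tooling or anything from the advisory. It relies on the real `rasa run` flags `--enable-api`, `--auth-token` and `--jwt-secret`, on the page's statement that the API is disabled by default, and on the fixed version 3.6.21. The sample launch commands are constructed. The live probe at the end assumes that an unauthenticated request to the model-loading endpoint is answered with 401 or 403 when a token or JWT secret is configured, and with some other status (typically 400 for an empty body) when it is not; treat that mapping as an assumption to confirm against your own instance.

```python
"""Audit Rasa launch commands and instances for the CVE-2024-49375 exposure.

Added example; not Rasa's code. Verdicts:
  not-exposed          API not enabled (Rasa's default), nothing to load into
  unauthenticated-api  --enable-api without --auth-token or --jwt-secret
  authenticated        --enable-api with a non-empty token or JWT secret
"""
import re
import shlex
import urllib.error
import urllib.request

FIXED_VERSION = (3, 6, 21)  # the advisory's fixed release; other release lines
                            # may have their own patch versions, check the vendor


def _flag_value(argv, flag):
    """Return the value given to `flag` (as `--flag v` or `--flag=v`), or None if absent."""
    for i, arg in enumerate(argv):
        if arg == flag:
            return argv[i + 1] if i + 1 < len(argv) else ""
        if arg.startswith(flag + "="):
            return arg[len(flag) + 1:]
    return None


def audit_launch_command(cmd: str) -> str:
    """Classify a `rasa run ...` command line (a Dockerfile CMD, compose entry, unit file)."""
    argv = shlex.split(cmd)
    if "--enable-api" not in argv:
        return "not-exposed"
    # An empty token (e.g. an unset env var expanded to "") does not count as auth.
    has_token = bool(_flag_value(argv, "--auth-token"))
    has_jwt = bool(_flag_value(argv, "--jwt-secret"))
    return "authenticated" if (has_token or has_jwt) else "unauthenticated-api"


def version_is_fixed(version: str) -> bool:
    """True when the reported version is 3.6.21 or later, as the advisory requires."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable Rasa version: {version!r}")
    return tuple(int(p) for p in m.groups()) >= FIXED_VERSION


def interpret_probe(status: int) -> str:
    """Map the status of an unauthenticated PUT /model to a verdict (assumed mapping)."""
    return "authenticated" if status in (401, 403) else "unauthenticated-api"


def probe_model_endpoint(base_url: str, timeout: float = 5.0) -> str:
    """Send an empty, credential-less PUT to /model (Rasa's model-loading endpoint).

    The empty body is rejected before any model is touched, so this only tests
    whether the endpoint is reachable without auth; it loads nothing.
    """
    req = urllib.request.Request(base_url.rstrip("/") + "/model", data=b"", method="PUT")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return interpret_probe(resp.status)
    except urllib.error.HTTPError as err:
        return interpret_probe(err.code)
    except urllib.error.URLError:
        return "unreachable"


# Constructed sample launch commands, as one might collect from a fleet.
SAMPLE_COMMANDS = {
    "bot-a": "rasa run",
    "bot-b": "rasa run --enable-api --cors '*'",
    "bot-c": "rasa run --enable-api --auth-token s3cr3t-token",
    "bot-d": "rasa run --enable-api --jwt-secret k3y --jwt-method HS256",
    "bot-e": 'rasa run --enable-api --auth-token ""',  # env var expanded to nothing
}


def audit_fleet(commands=SAMPLE_COMMANDS) -> dict:
    return {name: audit_launch_command(cmd) for name, cmd in commands.items()}


if __name__ == "__main__":
    for name, verdict in audit_fleet().items():
        print(f"{name}: {verdict}")
```

The static audit is the one to run first: anything reported as `unauthenticated-api` on a version below 3.6.21 is the configuration the advisory describes and should be upgraded or put behind a token or JWT before it is reachable by anyone untrusted. The network probe is intentionally inert, but run it only against hosts you are authorized to test.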
Vulnerability Details
CVSS score: 9 (Critical)
EPSS: 3.3%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-49375
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 95%