CVE-2026-31230: The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a command-line argument injection vulnerability in its Kub
Summary
The Adversarial Robustness Toolbox (ART) up to version 1.20.1 has a vulnerability in its Kubeflow component where it uses eval() (a function that runs text as if it were code) unsafely to process command-line arguments like --clip_values and --input_shape. An attacker can inject malicious Python code through these arguments, which will execute when eval() processes them, potentially giving the attacker full control over the system running ART if they can control those arguments.
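One way to parse the two affected arguments as data rather than code, shown as an added example (not ART's own code and not part of the advisory). It replaces eval() with ast.literal_eval plus type and range checks; the helper names and the specific checks (two clip values with low < high, positive integer dimensions) are assumptions made for illustration.

```python
import argparse
import ast


def parse_numeric_sequence(text, *, length=None, element_types=(int, float)):
    """Parse a value such as "(0.0, 1.0)" as a literal; hypothetical helper."""
    try:
        # literal_eval accepts only Python literals. Names, calls and attribute
        # access raise ValueError instead of being executed as eval() would.
        value = ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise argparse.ArgumentTypeError(f"not a literal value: {text!r}") from exc
    if not isinstance(value, (tuple, list)):
        raise argparse.ArgumentTypeError("expected a tuple or list")
    if length is not None and len(value) != length:
        raise argparse.ArgumentTypeError(f"expected exactly {length} elements")
    for item in value:
        # bool is a subclass of int, so it has to be rejected explicitly.
        if isinstance(item, bool) or not isinstance(item, element_types):
            raise argparse.ArgumentTypeError(f"unexpected element: {item!r}")
    return tuple(value)


def clip_values(text):
    """Converter for --clip_values: (low, high) with low < high (assumed rule)."""
    low, high = parse_numeric_sequence(text, length=2)
    if low >= high:
        raise argparse.ArgumentTypeError("clip_values must satisfy low < high")
    return (float(low), float(high))


def input_shape(text):
    """Converter for --input_shape: non-empty, positive ints (assumed rule)."""
    dims = parse_numeric_sequence(text, element_types=(int,))
    if not dims or any(d <= 0 for d in dims):
        raise argparse.ArgumentTypeError("input_shape needs positive dimensions")
    return dims


def build_parser():
    # argparse calls the converters above, so a rejected value stops the
    # program at argument parsing, before any model code runs.
    parser = argparse.ArgumentParser(description="constructed example CLI")
    parser.add_argument("--clip_values", type=clip_values, default=(0.0, 1.0))
    parser.add_argument("--input_shape", type=input_shape, required=True)
    return parser
```
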
Vulnerability Details
EPSS: 0.0%
May 12, 2026
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31230
First tracked: May 12, 2026 at 08:09 PM