CVE-2026-31229: The Adversarial Robustness Toolbox (ART) through 1.20.1 contains an insecure deserialization vulnerability (CWE-502) in its
Summary
The Adversarial Robustness Toolbox (ART) version 1.20.1 and earlier has a vulnerability in how it loads AI model files, specifically in its Kubeflow component (a system for running machine learning workflows). When loading model weights using torch.load() without the weights_only=True security parameter, the software deserializes arbitrary Python objects via Pickle (a Python serialization library), allowing attackers to execute malicious code by uploading a crafted model file or manipulating the model location parameter.
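The loading pattern the summary describes, reduced to plain pickle so it runs without PyTorch. This is an added example, not code from ART or PyTorch: WeightsOnlyUnpickler is a stand-in for the restricted unpickler behind torch.load(weights_only=True), ALLOWED_GLOBALS is a constructed allow-list, load_weights and try_load are hypothetical helpers, and the probe object is constructed to name the harmless platform.python_version so that a load which executes it is observable rather than damaging.

```python
"""CWE-502 in a model loader: a pickle stream can name any importable callable,
and a plain pickle load will call it. The restricted unpickler below is a
stand-in for what torch.load(..., weights_only=True) does: only types that a
weights file legitimately needs are resolved; everything else is refused."""
import collections
import io
import pickle
import platform

# Constructed allow-list: what a state_dict of plain Python lists needs.
# torch's real allow-list is larger (tensor storage types, dtypes, ...).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class WeightsOnlyUnpickler(pickle.Unpickler):
    """Every GLOBAL / STACK_GLOBAL opcode in the stream is resolved through
    find_class, so this one method is the choke point for what code a model
    file is allowed to reference."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name}: not an allowed weights type")


def load_weights(data: bytes, weights_only: bool):
    """Hypothetical helper mirroring torch.load's two modes on raw pickle bytes."""
    if weights_only:
        return WeightsOnlyUnpickler(io.BytesIO(data)).load()
    # Vulnerable mode: whatever the stream names gets imported and called.
    return pickle.loads(data)


def make_state_dict_bytes() -> bytes:
    """Constructed benign 'model file': an OrderedDict of float lists."""
    weights = collections.OrderedDict([
        ("layer1.weight", [0.1, -0.2, 0.3]),
        ("layer1.bias", [0.0]),
    ])
    return pickle.dumps(weights, protocol=4)


class _CallableOnLoad:
    """Constructed probe: its pickled form names a function to call instead of
    data to rebuild. platform.python_version is used because it is harmless and
    its result is visible; the loader, not the file, must decide what runs."""

    def __reduce__(self):
        return (platform.python_version, ())


def make_probe_bytes() -> bytes:
    """Constructed 'model file' that carries code, not weights."""
    return pickle.dumps(_CallableOnLoad(), protocol=4)


def try_load(data: bytes, weights_only: bool):
    """Returns ('loaded', obj) or ('rejected', message) so a caller can see
    which path fired for a given file and loader setting."""
    try:
        return ("loaded", load_weights(data, weights_only))
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    for label, blob in (("state_dict", make_state_dict_bytes()),
                        ("probe", make_probe_bytes())):
        for weights_only in (False, True):
            print(label, "weights_only=%s" % weights_only,
                  try_load(blob, weights_only))
```

Run stand-alone, the benign file loads in both modes, while the probe loads (and runs platform.python_version) only in the unrestricted mode and is refused by name in the restricted one. The mitigation is the loader, not the path: validating the model location parameter narrows who can supply a file, but only a restricted unpickler (torch.load with weights_only=True, or a non-pickle format such as safetensors) stops a supplied file from naming code.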
Vulnerability Details
EPSS: 0.0%
May 12, 2026
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31229
First tracked: May 12, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 95%