CVE-2026-31228: The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow comp
Summary
The Adversarial Robustness Toolbox (ART) version 1.20.1 and earlier has a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its Kubeflow component. The vulnerability exists because the robustness evaluation function uses eval() (a function that executes text as Python code) without checking user input, allowing an attacker to submit malicious Python code that runs on the system when the evaluation function processes it.
Vulnerability Details
EPSS: 0.0%
May 12, 2026
Classification
Affected Vendors
Related Issues
CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31228
First tracked: May 12, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 95%