CVE-2021-43811: Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses Y
Summary
Sockeye, an open-source tool for Neural Machine Translation (a type of AI that translates text between languages), had a security flaw in versions before 2.3.24 where it used unsafe YAML loading (a method to read configuration files without proper safety checks). An attacker could hide malicious code in a model's configuration file, and if a user downloaded and ran that model, the hidden code would execute on their computer.
Solution / Mitigation
The issue is fixed in version 2.3.24. Users should update to this version or later.
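The check below is an added example, not Sockeye's own code or its fix: a pre-load scan that refuses a downloaded model configuration carrying Python-specific YAML tags, which are what an unsafe PyYAML loader turns into objects and callables, and then parses the rest with `yaml.safe_load`. It goes slightly beyond the summary by also catching percent-escaped tags and `%TAG` aliases. The function names, configuration keys and sample documents are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Python-specific tags that PyYAML's unsafe loaders resolve to objects or
# callables. Matches the "!!python/..." shorthand and the full tag URI, which
# also appears in verbatim tags (!<...>) and in %TAG directives aliasing it.
_PY_TAG = re.compile(r"(?:!!|tag:yaml\.org,2002:)python/[\w/.:]*")

# Constructed sample documents (hypothetical keys, benign tag targets).
CLEAN = "num_layers: 6\nvocab: {source: 32000, target: 32000}\n"
TAGGED = "model:\n  hook: !!python/name:builtins.print\n"
ESCAPED = "hook: !!pyth%6Fn/name:builtins.print\n"
ALIASED = "%TAG !e! tag:yaml.org,2002:python/\n---\nhook: !e!name:builtins.print\n"


def find_python_tags(text):
    """Return (line_number, tag) for every Python-specific YAML tag in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        # Tag URIs may carry %XX escapes, so decode before matching.
        for match in _PY_TAG.finditer(unquote(line)):
            hits.append((number, match.group(0)))
    return hits


def load_untrusted_config(text):
    """Reject configs with Python tags, then parse with the safe loader."""
    hits = find_python_tags(text)
    if hits:
        raise ValueError(f"refusing config with Python tags: {hits}")
    import yaml  # PyYAML; imported lazily so the scanner works without it
    # safe_load builds only plain YAML types (dict, list, str, int, ...).
    return yaml.safe_load(text)


if __name__ == "__main__":
    for name, doc in [("clean", CLEAN), ("tagged", TAGGED),
                      ("escaped", ESCAPED), ("aliased", ALIASED)]:
        print(name, find_python_tags(doc))
```

The scan is a conservative text heuristic that can flag a tag quoted inside a string; the control that actually prevents code execution is parsing with the safe loader, which rejects these tags on its own.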
Vulnerability Details
7.8 (high)
EPSS: 8.7%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-43811
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 95%