CVE-2026-31219
Published: 2026-05-12
Priority: P2 (61) · Severity: high · CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% (42.3rd percentile)
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides a single model file path (e.g., .pt or .pth) via the --model command-line argument, the function loads the file using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects through the Pickle module. A remote attacker can exploit this by providing a maliciously crafted model file, leading to arbitrary code execution during deserialization on the victim's system.
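The remediation the record names is to load checkpoints with `torch.load(path, weights_only=True)`, which swaps the general-purpose unpickler for one that only resolves the handful of globals a state dict needs (PyTorch 2.6 and later make that the default; the commit above predates it and older pinned versions still default to a full unpickle). The added example below is not code from the optimate project; it is a stdlib-only analogue of that defence so the mechanism can be run without torch: a static `pickletools` scan that lists every module.name a checkpoint would import, and an allowlist `Unpickler.find_class` that refuses anything else before it can be built. The zip layout with a `data.pkl` member mirrors modern `torch.save` output; the sample checkpoints, the list-of-floats stand-ins for tensors and the `os.getcwd` reference (a harmless global used only to trigger rejection) are constructed for the demonstration.

```python
import io
import os
import pickle
import pickletools
import zipfile
from collections import OrderedDict

# Globals a plain state_dict legitimately needs. Everything else is refused in
# find_class(), which pickle must call before REDUCE/NEWOBJ can invoke anything,
# so an arbitrary callable is never resolved, let alone executed. (Assumption: a
# real loader would also allow the tensor-rebuild helpers torch registers.)
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

# Opcodes that push a string; module and qualname reach STACK_GLOBAL this way.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


class RestrictedUnpickler(pickle.Unpickler):
    """Allowlist unpickler, the same idea as torch.load(weights_only=True)."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")
        return super().find_class(module, name)


def pickle_stream(blob: bytes) -> bytes:
    """Return the pickle stream inside a checkpoint blob.

    torch.save writes a zip archive whose pickle lives in a member ending in
    data.pkl; the legacy format is a bare pickle stream.
    """
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for member in zf.namelist():
                if member.endswith("data.pkl"):
                    return zf.read(member)
        raise ValueError("zip checkpoint without a data.pkl member")
    return blob


def referenced_globals(stream: bytes) -> list:
    """Static scan: every (module, name) the stream would import, without running it."""
    found, pushed, memo, prev_string = [], [], {}, False
    for op, arg, _pos in pickletools.genops(stream):
        if op.name in STRING_OPS:
            pushed.append(arg)
        elif op.name == "MEMOIZE":                 # remember strings so BINGET reuse is seen
            memo[len(memo)] = pushed[-1] if prev_string else None
        elif op.name in ("BINPUT", "LONG_BINPUT", "PUT"):
            memo[arg] = pushed[-1] if prev_string else None
        elif op.name in ("BINGET", "LONG_BINGET", "GET"):
            pushed.append(memo.get(arg))
        elif op.name == "GLOBAL":                  # protocol <= 3: "module name" in the opcode
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":            # protocol 4+: module and name pushed first
            found.append((pushed[-2], pushed[-1]))
        prev_string = op.name in STRING_OPS
    return found


def load_checkpoint(blob: bytes):
    """Hardened analogue of the vulnerable torch.load(path): scan, then unpickle under the allowlist."""
    stream = pickle_stream(blob)
    unexpected = [g for g in referenced_globals(stream) if g not in ALLOWED_GLOBALS]
    if unexpected:
        raise pickle.UnpicklingError(f"checkpoint references disallowed globals: {unexpected}")
    return RestrictedUnpickler(io.BytesIO(stream)).load()


def is_rejected(blob: bytes) -> bool:
    """True when the hardened loader refuses the checkpoint."""
    try:
        load_checkpoint(blob)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs (no torch needed; lists of floats stand in for tensors).
def benign_checkpoint() -> bytes:
    state = OrderedDict([("fc.weight", [0.1, -0.2]), ("fc.bias", [0.0])])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:          # mimic the torch.save zip layout
        zf.writestr("archive/data.pkl", pickle.dumps(state))
        zf.writestr("archive/version", "3\n")
    return buf.getvalue()


def untrusted_checkpoint() -> bytes:
    # Legacy-format stream referencing a global outside the allowlist. os.getcwd is
    # harmless and is only referenced, never called: find_class() rejects it first.
    return pickle.dumps({"state_dict": OrderedDict(), "hook": os.getcwd})


if __name__ == "__main__":
    print("benign   :", referenced_globals(pickle_stream(benign_checkpoint())), "->", dict(load_checkpoint(benign_checkpoint())))
    print("untrusted:", referenced_globals(untrusted_checkpoint()), "-> rejected:", is_rejected(untrusted_checkpoint()))
```

The scan is useful on its own as a pre-load check in CI or at an upload boundary: a state-dict checkpoint should import nothing beyond `collections.OrderedDict` and torch's own tensor-rebuild helpers, so any other module name in the output is a finding worth looking at before the file ever reaches `torch.load`.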
VulDB · 2026-05-19 · CVSS 8.8
CVE-2026-31219 [HIGH] optimate up to 2024-07-21 Pickle neural_magic_training.py _load_model deserialization
A vulnerability described as critical has been identified in optimate up to 2024-07-21. Impacted is the function _load_model of the file neural_magic_training.py of the component Pickle Module. The manipulation results in deserialization.
This vulnerability is known as CVE-2026-31219. It is possible to launch the attack remotely. No exploit is available.
GHSA (unreviewed) · 2026-05-12
GHSA-f5xg-pvfx-vwh9: The _load_model() function in the neural_magic_training
Description: identical to the CVE description above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.