CVE-2026-31228
published 2026-05-12


Priority: P267
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.61% (44.7th percentile)
The Adversarial Robustness Toolbox (ART) through 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models passes the user-supplied strings for the LossFn and Optimizer parameters to eval() with no sanitization or restriction, so the strings are interpreted as Python rather than as names. An attacker can supply a specially crafted string containing arbitrary Python code, which runs when eval() is called, leading to complete compromise of the system running the ART evaluation.
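The bug class the description refers to, shown as an added example rather than ART's own code: a resolver that eval()s the LossFn/Optimizer string beside an allowlist lookup that treats the string as an opaque key. The MSELoss/SGD classes and the nn/optim namespaces are constructed stand-ins for torch.nn and torch.optim so it runs without PyTorch; CANARY is a list used only to show that the unsafe path executes whatever the string contains.

```python
"""Resolving string-named loss functions and optimizers: unsafe vs. hardened.

Added example, not the Adversarial Robustness Toolbox's own code. It models the
bug class in CVE-2026-31228: the LossFn and Optimizer parameters are strings
under the caller's control, and passing them to eval() turns them into code.
The classes and the nn/optim namespaces below are constructed stand-ins for
torch.nn and torch.optim so the module runs without PyTorch installed.
"""
import re
from types import SimpleNamespace


class MSELoss:  # stand-in for torch.nn.MSELoss
    def __call__(self, pred, target):
        return sum((p - t) ** 2 for p, t in zip(pred, target)) / len(pred)


class CrossEntropyLoss:  # stand-in; body not needed for the demonstration
    pass


class SGD:  # stand-in for torch.optim.SGD
    def __init__(self, params=None, lr=0.01):
        self.params, self.lr = params, lr


class Adam:  # stand-in for torch.optim.Adam
    def __init__(self, params=None, lr=0.001):
        self.params, self.lr = params, lr


nn = SimpleNamespace(MSELoss=MSELoss, CrossEntropyLoss=CrossEntropyLoss)
optim = SimpleNamespace(SGD=SGD, Adam=Adam)

# Side-effect target: lets the unsafe path prove it ran caller-supplied code
# without touching the OS. A real payload would reach for __import__('os').
CANARY = []


def resolve_unsafe(spec: str):
    """The vulnerable pattern: the string is evaluated as Python.

    eval() runs with this module's globals, so 'nn.MSELoss()' works as the
    author intended, but so does any expression the caller wraps around it.
    """
    return eval(spec)  # deliberately vulnerable, kept for the demonstration


# Hardened path: the string is an opaque key into an allowlist, never code.
LOSSES = {"MSELoss": MSELoss, "CrossEntropyLoss": CrossEntropyLoss}
OPTIMIZERS = {"SGD": SGD, "Adam": Adam}
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def resolve_safe(spec, registry):
    """Return the class registered under `spec`, or raise ValueError."""
    if not isinstance(spec, str) or _IDENT.fullmatch(spec) is None:
        raise ValueError(f"malformed name: {spec!r}")
    try:
        return registry[spec]
    except KeyError:
        raise ValueError(f"unknown name: {spec!r}") from None


def build_safe(spec, registry, **kwargs):
    """Instantiate an allowlisted class; keyword arguments arrive as data
    (e.g. lr=0.1), so no argument text is ever evaluated."""
    return resolve_safe(spec, registry)(**kwargs)


def demo():
    """Run both paths on a hostile string; report what happened."""
    # A payload that still returns a valid loss, so the caller sees nothing odd.
    hostile = "CANARY.append('executed') or nn.MSELoss()"
    before = len(CANARY)
    loss = resolve_unsafe(hostile)
    ran_payload = len(CANARY) == before + 1
    try:
        resolve_safe(hostile, LOSSES)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "unsafe_returned_loss": isinstance(loss, MSELoss),
        "unsafe_ran_payload": ran_payload,
        "safe_rejected_payload": rejected,
        "safe_optimizer_lr": build_safe("SGD", OPTIMIZERS, lr=0.1).lr,
    }


if __name__ == "__main__":
    print(demo())
```

The point of build_safe is that the name and the hyperparameters travel as separate data; once the name only selects an allowlisted class, there is nothing left for an attacker's string to do except fail the identifier check or miss the registry.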

Affected

4 ranges

Vendor   Product                                 Version range   Fixed in
rhoai    odh-kserve-agent-rhel9                  not stated      none available
rhoai    odh-kserve-controller-rhel9             not stated      none available
rhoai    odh-kserve-router-rhel9                 not stated      none available
rhoai    odh-kserve-storage-initializer-rhel9    not stated      none available

Detection & IOCs (extracted from sources)

  • Monitor for user-supplied strings reaching eval() in the ART Kubeflow robustness evaluation function for PyTorch models, specifically via the LossFn and Optimizer parameters, which are passed through without sanitization
  • Alert on Python code execution originating from the ART Kubeflow component's eval() call path; activity there that does not correspond to a legitimate loss or optimizer name could indicate exploitation of CVE-2026-31228
  • Audit Red Hat OpenShift AI (RHOAI) packages for the affected ART Kubeflow component: rhoai/odh-kserve-agent-rhel9, rhoai/odh-kserve-controller-rhel9, rhoai/odh-kserve-router-rhel9, rhoai/odh-kserve-storage-initializer-rhel9
  • All versions of the Adversarial Robustness Toolbox (ART) through 1.20.1 are affected; no patch or mitigation meeting Red Hat Product Security criteria is currently available
  • Red Hat explicitly states that no viable mitigation is available for this flaw as deployed in Red Hat OpenShift AI
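The first detection bullet asks for eval() calls fed by user-supplied strings. A practical way to find that shape in code you operate, written here as an added example rather than a rule from Red Hat or the ART project: an ast-based scanner that reports every eval/exec call whose first argument is not a string literal, and marks arguments built from the parameter names the advisory calls out (LossFn, Optimizer) as tainted. SAMPLE is a constructed snippet, not ART's source.

```python
"""Static finder for eval()/exec() on non-literal input.

Added example, not a detection rule shipped by Red Hat or the ART project.
It walks Python source with the standard ast module and reports every
eval/exec call whose first argument is not a string literal, the shape of
the CVE-2026-31228 bug. Arguments built from the parameter names the
advisory calls out (LossFn, Optimizer) are additionally marked as tainted.
SAMPLE is a constructed snippet, not ART's code.
"""
import ast
from pathlib import Path

TAINTED_NAMES = {"LossFn", "Optimizer"}
SINKS = {"eval", "exec"}

SAMPLE = '''\
def evaluate_robustness(model, LossFn, Optimizer, lr):
    loss_fn = eval(LossFn)
    opt = eval(Optimizer)(model.parameters(), lr=lr)
    cfg = eval("{'batch': 32}")   # literal argument: not reported
    return loss_fn, opt
'''


def _sink_name(func):
    """Name of the called function if it is a bare name or attribute access."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):  # e.g. builtins.eval(...)
        return func.attr
    return None


def find_dynamic_eval(source, filename="<string>"):
    """Return [{'line', 'func', 'arg', 'tainted'}] for each eval/exec call
    whose first argument is anything other than a constant."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call) or _sink_name(node.func) not in SINKS:
            continue
        if not node.args or isinstance(node.args[0], ast.Constant):
            continue
        arg = node.args[0]
        # Tainted if the argument expression references one of the advisory's
        # parameter names anywhere inside it (e.g. LossFn, "nn." + LossFn).
        names = {n.id for n in ast.walk(arg) if isinstance(n, ast.Name)}
        findings.append({
            "line": node.lineno,
            "func": _sink_name(node.func),
            "arg": ast.unparse(arg),
            "tainted": bool(names & TAINTED_NAMES),
        })
    return findings


def scan_tree(root):
    """Scan every .py file under root; returns {path: findings} for hits only.
    Files that fail to parse or decode are skipped rather than aborting the run."""
    hits = {}
    for path in Path(root).rglob("*.py"):
        try:
            found = find_dynamic_eval(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError):
            continue
        if found:
            hits[str(path)] = found
    return hits


if __name__ == "__main__":
    for hit in find_dynamic_eval(SAMPLE, "sample.py"):
        print(hit)
```

Run scan_tree() against an unpacked copy of the ART package or the RHOAI images listed above to locate the call sites; a literal-argument eval is usually harmless, so the scanner deliberately skips those and leaves the non-literal ones for manual review.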

CVSS provenance

NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor (Red Hat): 9.8 CRITICAL