CVE-2026-31230
Published: 2026-05-12
- Priority: P2 (62)
- Severity: Critical, CVSS 3.1 base score 9.8 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H)
- EPSS: 0.55% (42.0th percentile)
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-line arguments. This allows an attacker to inject arbitrary Python code into these arguments, which will be executed when eval() is called. The vulnerability can be exploited remotely if an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rhoai | odh-kserve-agent-rhel9 | — | — |
| rhoai | odh-kserve-controller-rhel9 | — | — |
| rhoai | odh-kserve-router-rhel9 | — | — |
| rhoai | odh-kserve-storage-initializer-rhel9 | — | — |
Detection & IOCs (extracted from sources)
- Monitor process execution of robustness_evaluation_fgsm_pytorch.py for --clip_values or --input_shape arguments containing Python code constructs (e.g., __import__, os., subprocess., exec, open) indicative of injection attempts.
- Alert on Kubeflow pipeline configurations or automated scripts that supply non-numeric/non-tuple string values to --clip_values or --input_shape arguments of the ART evaluation script, as these may carry injected payloads.
- Audit Red Hat OpenShift AI (RHOAI) packages rhoai/odh-kserve-agent-rhel9, rhoai/odh-kserve-controller-rhel9, rhoai/odh-kserve-router-rhel9, and rhoai/odh-kserve-storage-initializer-rhel9 for affected ART versions (thru 1.20.1).
- Exploitation requires attacker control over the --clip_values or --input_shape arguments, which is only possible if the attacker has access to Kubeflow pipeline configuration or automated scripts that invoke the ART evaluation script.
- Restricting who can create, modify, or deploy Kubeflow pipelines and configurations is the primary mitigation; access controls persist across service restarts.
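As an added illustration (not code from ART, from the advisory, or from any of the sources above), the block below shows the defensive side of the description and the detection bullets: hardened replacements for eval()-based parsing of --clip_values and --input_shape that accept only Python literals of the expected shape, plus a small scanner for the injection markers listed above. The function names, the expected value shapes (a numeric min/max pair and a tuple of positive ints) and the marker regex are assumptions.

```python
import ast
import re
from typing import Callable, Optional, Tuple

# Injection markers named in the detection guidance above (assumed regex).
INJECTION_MARKERS = re.compile(r"__import__|\bos\.|\bsubprocess\.|\bexec\b|\bopen\b")

def _literal(text: str):
    """Parse with ast.literal_eval: it accepts only Python literals (numbers,
    strings, tuples, ...) and never evaluates names, attributes or calls."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError) as exc:
        raise ValueError(f"not a literal value: {text!r}") from exc

def parse_clip_values(text: str) -> Tuple[float, float]:
    """Hardened --clip_values parser (assumed shape: a numeric (min, max) pair)."""
    value = _literal(text)
    ok = (isinstance(value, tuple) and len(value) == 2 and all(
        isinstance(v, (int, float)) and not isinstance(v, bool) for v in value))
    if not ok:
        raise ValueError(f"clip_values must be a numeric pair: {text!r}")
    lo, hi = float(value[0]), float(value[1])
    if lo >= hi:
        raise ValueError("clip_values min must be below max")
    return lo, hi

def parse_input_shape(text: str) -> Tuple[int, ...]:
    """Hardened --input_shape parser (assumed shape: non-empty tuple of positive ints)."""
    value = _literal(text)
    ok = (isinstance(value, tuple) and len(value) > 0 and all(
        isinstance(v, int) and not isinstance(v, bool) and v > 0 for v in value))
    if not ok:
        raise ValueError(f"input_shape must be positive integers: {text!r}")
    return tuple(value)

def rejects(parser: Callable[[str], object], text: str) -> bool:
    """True when the hardened parser refuses the string instead of evaluating it."""
    try:
        parser(text)
    except ValueError:
        return True
    return False

def suspicious_argument(text: str) -> Optional[str]:
    """Detection helper: first injection marker found in an argument value, if any."""
    match = INJECTION_MARKERS.search(text)
    return match.group(0) if match else None
```

A value that ast.literal_eval cannot represent as a literal (a name, attribute access or call) is rejected before any code runs, which is the property eval() lacks.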
CVSS provenance
- NVD (CVSS v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Red Hat (vendor): 9.8 CRITICAL
GHSA
GHSA-24f5-hrhx-3grp: The Adversarial Robustness Toolbox (ART) thru 1
Source: GHSA (unreviewed), 2026-05-12. CVE-2026-31230, severity CRITICAL, CWE-88.
Red Hat
adversarial-robustness-toolbox: Adversarial Robustness Toolbox: Arbitrary Code Execution via Command-Line Argument Injection
Source: Red Hat (vendor), 2026-05-12, CVSS 9.8. CVE-2026-31230, severity CRITICAL, CWE-94.
A flaw
No detection rules found.
No public exploits indexed.
References
- https://github.com/Trusted-AI/adversarial-robustness-toolbox
- https://www.notion.so/CVE-2026-31230-35d1e13931888126b624d12769c0e040
- https://access.redhat.com/security/cve/CVE-2026-31230
- https://bugzilla.redhat.com/show_bug.cgi?id=2476634
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31230.json