9 matches found
CVE-2026-7584
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
CVE-2026-7584
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
CVE-2026-7584
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
CVE-2026-7584 Arbitrary Code Execution via Unsafe Deserialization in LabOne Q
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
EUVD-2026-26483
The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
CVE-2026-7584
The CVE describes an Arbitrary Code Execution in LabOne Q caused by unsafe deserialization: its serialization framework uses a class-loading mechanism (import_cls) that accepted fully-qualified class names without validating targets or restricting modules. An attacker can craft a malicious serial...
PT-2026-36304
The LabOne Q serialization framework uses a class-loading mechanism import cls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...
Zurich Instruments LabOne Q 代码问题漏洞
Zurich Instruments LabOne Q is a software platform for experimental control and automation in quantum computing, developed by the Swiss company Zurich Instruments. There are code vulnerabilities in Zurich Instruments LabOne Q; these vulnerabilities stem from the importcls mechanism in the...