CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

Deserialization of Untrusted Data

Overview upsonic is a Task oriented AI agent framework for digital workers and vertical AI agents Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the addtool endpoint, which listens on TCP port 7541 by default, and uses cloudpickle.loads. An attacker can...

CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-0773 Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-0773 Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-0773

Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVE-2026-0773

Upsonic is affected by a Cloudpickle deserialization vulnerability in the add_tool endpoint (default TCP port 7541). The flaw arises from improper validation of user-supplied data, allowing cloudpickle.loads() to deserialize untrusted data, enabling remote code execution with the service account’...

(0Day) Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Upsonic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the addtool endpoint, which listens on TCP port 7541 by default. The issue results from the lack...