3 matches found
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model...
CVE-2026-3071
The CVE concerns Flair’s LanguageModel class where deserialization of untrusted data in versions 0.4.1 to latest allows arbitrary code execution when loading a malicious model. The issue, with CVSSv3.1 metrics indicating HIGH severity (Local access, no user interaction, full scope and high confid...
PT-2026-22151
Name of the Vulnerable Software and Affected Versions Flair versions 0.4.1 through latest Description The deserialization of untrusted data in the LanguageModel class can lead to arbitrary code execution when loading a malicious model. Recommendations Versions prior to 0.4.1 are not affected. At...