17 matches found
CVE-2026-31229
A flaw was found in the Adversarial Robustness Toolbox ART, specifically within its Kubeflow component. This vulnerability, categorized as insecure deserialization CWE-502, occurs when loading model weights without proper security restrictions. A remote attacker can exploit this by uploading a...
CVE-2026-31230
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...
CVE-2026-31228
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
EUVD-2026-29552
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
EUVD-2026-29511
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
CVE-2026-31228
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
CVE-2026-31229
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...
CVE-2026-31230
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...
CVE-2026-31228
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
CVE-2026-31230
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustnessevaluationfgsmpytorch.py. The script uses the unsafe eval function to parse string values provided via the --clipvalues and --inputshape command-line...
PT-2026-40117
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component robustness evaluation fgsm pytorch.py. The script uses the unsafe eval function to parse string values provided via the --clip values and --input shape command-lin...
CVE-2026-31230
The CVE-2026-31230 vulnerability concerns the Adversarial Robustness Toolbox (ART) up to v1.20.1, specifically in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The issue arises from using unsafe eval() to parse string values passed via --clip_values and --input_shape, enabling a...
CVE-2026-31229
The ART (Adversarial Robustness Toolbox) package up to v1.20.1 contains an insecure deserialization vulnerability in its Kubeflow component’s model loading path. Loading model weights (e.g., model.pt) uses torch.load() without weights_only=True, allowing arbitrary Python object deserialization vi...
CVE-2026-31228
The connected documents confirm a vulnerability in the Adversarial Robustness Toolbox (ART) up to version 1.20.1, specifically in its Kubeflow component. The root cause is that the robustness evaluation function for PyTorch models uses Python’s unsafe eval() to dynamically evaluate user-supplied ...
CVE-2026-31228
The Adversarial Robustness Toolbox ART thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters...
PT-2026-40116
The Adversarial Robustness Toolbox ART thru 1.20.1 contains an insecure deserialization vulnerability CWE-502 in its Kubeflow component's model loading functionality. When loading model weights from a file e.g., model.pt during robustness evaluation, the code uses torch.load without the...