Description
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model.
Published: 2026-02-26
Score: 8.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability arises from deserialization of untrusted data in the LanguageModel class of Flair, enabling arbitrary code execution when a malicious model file is loaded. This flaw is a classic insecure deserialization weakness (CWE‑502) that can compromise confidentiality, integrity, and availability if an attacker can control model input. The impact is the ability to run arbitrary code with the privileges of the process that loads the model.

Affected Systems

Flair, a machine learning library, is affected in all releases starting with 0.4.1 through the most recent version. Any deployment that loads models using the LanguageModel class is at risk. The vulnerability is listed against the Flair product across all affected releases.

Risk and Exploitability

The CVSS score of 8.4 indicates high severity. The EPSS score is below 1 %, suggesting limited current public exploitation activity, and it is not currently listed in the CISA KEV catalog. However, the vulnerability allows remote code execution, forcing users to treat it as high risk. Attackers would typically supply a crafted model file or supply a maliciously encoded model through any ingestion pathway. The exploitation requires only the ability to trigger the loading of a model file, so environments that allow model uploads or downloads are especially vulnerable.

Generated by OpenCVE AI on April 17, 2026 at 14:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Flair to a release that contains the deserialization fix, if one is available.
  • If a patch is not yet released, restrict model loading to trusted, authenticated sources and never load arbitrary user‑supplied model files.
  • Apply input validation or switch to a safer serialization mechanism that disallows dynamic code execution during deserialization.

Generated by OpenCVE AI on April 17, 2026 at 14:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
Title Arbitrary Code Execution via Untrusted Deserialization in Flair LanguageModel

Fri, 27 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 27 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Flair
Flair flair
Vendors & Products Flair
Flair flair

Thu, 26 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Description Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Flair Flair
cve-icon MITRE

Status: PUBLISHED

Assigner: HiddenLayer

Published:

Updated: 2026-02-27T16:21:29.889Z

Reserved: 2026-02-23T19:38:10.854Z

Link: CVE-2026-3071

cve-icon Vulnrichment

Updated: 2026-02-27T16:21:20.126Z

cve-icon NVD

Status : Deferred

Published: 2026-02-26T15:17:48.803

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-3071

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T14:30:20Z

Weaknesses