Description
PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PySyft (Syft Datasite/Server) versions 0.9.5 and earlier permit low‑privileged users to submit Python functions through the @sy.syft_function decorator for execution on the server. The submitted code passes through an approval mechanism that performs no security checks; once approved it is executed via exec() and eval() within the server process. This allows an attacker to run arbitrary Python code, giving full control and leading to a complete compromise of the server environment.

Affected Systems

Python library PySyft (Syft Datasite/Server), versions 0.9.5 and earlier.

Risk and Exploitability

The vulnerability is a classic remote code execution flaw (CWE‑94). The EPSS score is < 1%, the CVSS score is 9.8, and the CVE is not listed in CISA KEV. Because the code is run inside the server process with full privileges, the exploitation would grant an attacker complete control over the server, threatening confidentiality, integrity, and availability. The most likely attack vector is via legitimate user functions submitted through the standard interface; any user who can create or update a function has the potential to trigger the flaw.

Generated by OpenCVE AI on May 15, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest PySyft release that includes the RCE fix, such as any version newer than 0.9.5.
  • If upgrading immediately is not possible, disable the @sy.syft_function feature or block user‑submitted code from executing on the server.
  • Implement a stricter code approval workflow that performs static analysis or sandbox validation before execution, or run approved code in a separate sandboxed process with limited permissions.

Generated by OpenCVE AI on May 15, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-cfpg-c974-jfhq PySyft server-side arbitrary Python execution after code approval
History

Fri, 15 May 2026 20:15:00 +0000

Type Values Removed Values Added
Title Unsanitized Python Code Execution in PySyft Server

Fri, 15 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Openmined
Openmined pysyft
Vendors & Products Openmined
Openmined pysyft

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Unsanitized Python Code Execution in PySyft Server
Weaknesses CWE-94

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
Description PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment.
References

Subscriptions

Openmined Pysyft
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-15T18:05:42.663Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31220

cve-icon Vulnrichment

Updated: 2026-05-15T17:55:08.550Z

cve-icon NVD

Status : Deferred

Published: 2026-05-12T16:16:13.913

Modified: 2026-05-15T19:16:57.183

Link: CVE-2026-31220

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-15T20:00:07Z

Weaknesses