Description
PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment.
Published: 2026-05-12
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

PySyft (Syft Datasite/Server) versions 0.9.5 and earlier permit low‑privileged users to submit Python functions through the @sy.syft_function decorator for execution on the server. The submitted code passes through an approval mechanism that performs no security checks; once approved it is executed via exec() and eval() within the server process. This allows an attacker to run arbitrary Python code, giving full control and leading to a complete compromise of the server environment.

Affected Systems

Python library PySyft (Syft Datasite/Server), versions 0.9.5 and earlier.

Risk and Exploitability

The vulnerability is a classic remote code execution flaw (CWE‑94). The EPSS score is not available, and the CVE is not listed in CISA KEV. Because the code is run inside the server process with full privileges, the exploitation would grant an attacker complete control over the server, threatening confidentiality, integrity, and availability. The most likely attack vector is via legitimate user functions submitted through the standard interface; any user who can create or update a function has the potential to trigger the flaw.

Generated by OpenCVE AI on May 12, 2026 at 17:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest PySyft release that includes the RCE fix, such as any version newer than 0.9.5.
  • If upgrading immediately is not possible, disable the @sy.syft_function feature or block user‑submitted code from executing on the server.
  • Implement a stricter code approval workflow that performs static analysis or sandbox validation before execution, or run approved code in a separate sandboxed process with limited permissions.

Generated by OpenCVE AI on May 12, 2026 at 17:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Unsanitized Python Code Execution in PySyft Server
Weaknesses CWE-94

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
Description PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T15:08:39.753Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31220

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-12T16:16:13.913

Modified: 2026-05-12T16:16:13.913

Link: CVE-2026-31220

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T18:00:12Z

Weaknesses