Description
The snorkel library through v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or security controls. Python's pickle module is inherently dangerous for deserializing untrusted data, as it can execute arbitrary code during the deserialization process. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.
Published: 2026-05-12
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Snorkel library up to version 0.10.0 implements the BaseLabeler.load() method by calling Python's pickle.load on file paths supplied by the caller. Pickle deserializes objects without verifying their origin, allowing the execution of arbitrary code during unpickling. This flaw is classified as CWE-502. A maliciously crafted pickle file, when loaded with the vulnerable method, can execute attacker-provided code on the system running the library.

Affected Systems

All installations of the Snorkel machine learning library whose version is 0.10.0 or earlier. Systems that use the BaseLabeler.load() routine to ingest pre-trained labeler models are affected. Updating to a newer release that removes the unsafe pickle usage eliminates the vulnerability.

Risk and Exploitability

The vulnerability permits arbitrary code execution on the host executing the untrusted pickle file. No remote network vector is explicitly defined in the advisory, but an attacker can trigger the flaw by delivering a malicious file to any process calling BaseLabeler.load(). The EPSS score is not available, and the issue is not listed in CISA’s KEV catalog, yet the severity is high because the flaw directly leads to full system compromise.

Generated by OpenCVE AI on May 12, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Snorkel to a version newer than 0.10.0 that replaces BaseLabeler.load() with a safe deserialization mechanism.
  • If an upgrade is not possible, remove or replace any use of BaseLabeler.load() in your codebase; instead use alternative loading techniques that avoid pickle, such as JSON or a custom, validated format.
  • When deserialization is unavoidable, limit the source of pickle files to a strictly trusted directory, enforce strict path validation, and run the loading process within a restricted container or user context to contain potential exploitation.
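As an added example, not snorkel's code, the following is a hardened stand-in for a loader of this shape, applying two of the controls from the third item above: the caller-supplied path is confined to a trusted directory, and unpickling is restricted to an allowlist of harmless globals. The trusted directory, the allowlist contents and the labeler state are assumptions made for the example.

```python
import io
import pickle
import tempfile
from collections import Counter, OrderedDict
from pathlib import Path

# Globals the loader may reconstruct: enough for weights/metadata containers,
# nothing that can run code (assumed allowlist; plain dicts/lists need no global).
ALLOWED_GLOBALS = {("collections", "OrderedDict"), ("builtins", "set")}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Every global lookup in the stream passes through here.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")

def resolve_trusted_path(trusted_dir: str, user_path: str) -> Path:
    """Confine a caller-supplied path to trusted_dir (rejects '..' and absolute paths)."""
    root = Path(trusted_dir).resolve()
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"{user_path!r} escapes trusted directory {root}")
    return candidate

def is_confined(trusted_dir: str, user_path: str) -> bool:
    try:
        resolve_trusted_path(trusted_dir, user_path)
        return True
    except ValueError:
        return False

def safe_load(trusted_dir: str, user_path: str):
    """Hardened stand-in for a loader that called pickle.load() on user paths."""
    with open(resolve_trusted_path(trusted_dir, user_path), "rb") as f:
        return RestrictedUnpickler(f).load()

def demo_round_trip() -> dict:
    """Constructed benign labeler state, written to a trusted dir and loaded back."""
    state = OrderedDict(weights=[0.1, 0.2], cardinality=2)
    with tempfile.TemporaryDirectory() as trusted:
        (Path(trusted) / "labeler.pkl").write_bytes(pickle.dumps(state))
        return dict(safe_load(trusted, "labeler.pkl"))

def rejects_unlisted_class() -> bool:
    """A harmless but non-allowlisted class (collections.Counter) must be refused."""
    try:
        RestrictedUnpickler(io.BytesIO(pickle.dumps(Counter("aab")))).load()
        return False
    except pickle.UnpicklingError:
        return True
```

These controls shrink the attack surface but pickle remains a risk; the first two items in the list (upgrading, or moving to a non-pickle format) are the stronger fix.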


Tracking


Advisories

No advisories yet.

History

Tue, 12 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Title | | Critical Insecure Deserialization in Snorkel BaseLabeler
Weaknesses | | CWE-502

Tue, 12 May 2026 16:00:00 +0000

Type | Values Removed | Values Added
Description | | The snorkel library through v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or security controls. Python's pickle module is inherently dangerous for deserializing untrusted data, as it can execute arbitrary code during the deserialization process. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.
References | |

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T15:15:38.656Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31223

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-12T16:16:14.223

Modified: 2026-05-12T16:38:07.807

Link: CVE-2026-31223

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T18:00:12Z

Weaknesses