Description
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exploit this by providing a maliciously crafted model file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.
Published: 2026-05-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Snorkel library, up to version 0.10.0, contains an insecure deserialization flaw in the MultitaskClassifier.load() method. The method calls torch.load() without the security‐restrictive weights_only=True parameter, allowing the Pickle module to instantiate arbitrary Python objects. A maliciously crafted model file can therefore trigger arbitrary code execution when it is loaded by an affected installation. This flaw aligns with CWE‑502, Insecure Deserialization.

Affected Systems

Python applications that depend on the Snorkel library and invoke MultitaskClassifier.load() on model files are vulnerable. The issue exists specifically in the v0.10.0 release and any codebases that import and use this function without additional precautions. Systems running this library in an environment where model files can be supplied by external or untrusted sources are at risk.

Risk and Exploitability

The EPSS score for this vulnerability is < 1%, and it is not listed in the KEV catalog. The CVSS score of 8.8 classifies it as a high severity vulnerability. Based on the description, it is inferred that an attacker can trigger exploitation by ensuring a malicious model file is loaded through the vulnerable method, which may require influencing the file selection process or supplying the file to a running application. No official CVE solution is provided, but the high impact warrants urgent action.

Generated by OpenCVE AI on May 13, 2026 at 15:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Snorkel library to the newest release where the load method enforces weights_only=True or otherwise secures the deserialization process.
  • If an upgrade cannot be performed immediately, modify the code that calls MultitaskClassifier.load() to explicitly set weights_only=True in torch.load() or replace the call with a safer deserialization routine.
  • Limit model files to trusted internal repositories and verify file integrity before loading to prevent an attacker from delivering malicious content.
  • If external model file input is unavoidable, execute the loading logic within a sandboxed environment to contain any potential code execution.

Generated by OpenCVE AI on May 13, 2026 at 15:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-gpx5-7xm4-229w Snorkel MultitaskClassifier.load uses an unsafe torch.load
History

Sun, 17 May 2026 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Snorkel-team
Snorkel-team snorkel
Vendors & Products Snorkel-team
Snorkel-team snorkel

Wed, 13 May 2026 16:15:00 +0000

Type Values Removed Values Added
Title Snorkel MultitaskClassifier Insecure Deserialization Enables Arbitrary Code Execution

Wed, 13 May 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Snorkel
Snorkel snorkel
CPEs cpe:2.3:a:snorkel:snorkel:*:*:*:*:*:*:*:*
Vendors & Products Snorkel
Snorkel snorkel

Wed, 13 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-502
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Snorkel MultitaskClassifier Insecure Deserialization Enables Arbitrary Code Execution

Tue, 12 May 2026 16:00:00 +0000

Type Values Removed Values Added
Description The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the MultitaskClassifier.load() method of the MultitaskClassifier class. The method loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exploit this by providing a maliciously crafted model file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.
References

Subscriptions

Snorkel Snorkel
Snorkel-team Snorkel
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-13T14:05:56.939Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31224

cve-icon Vulnrichment

Updated: 2026-05-13T14:05:17.304Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-12T16:16:14.327

Modified: 2026-05-13T15:44:54.743

Link: CVE-2026-31224

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-17T19:42:38Z

Weaknesses