Description
The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario.
Published: 2026-05-12
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an insecure deserialization flaw in the BackgroundAugmenter class of imgaug 0.4.0. It leverages Python's pickle module to deserialize data from a multiprocessing queue without validation, allowing an attacker who controls the queue payload to execute arbitrary code within the worker process. This can lead to local or remote code execution depending on how the application is deployed.

Affected Systems

The issue affects the imgaug library up to and including version 0.4.0. Any project that imports imgaug and uses the BackgroundAugmenter component is susceptible. The flaw resides in the multicore.py module and is present in all builds that include this code.

Risk and Exploitability

Because the deserialization occurs in a background worker, an attacker must supply malicious data to the multiprocessing queue. This could be done through social engineering, executing a compromised script, or tampering with a shared queue in a shared environment. While no public exploit has been observed, the lack of input validation makes this a high‑risk vector, the CVSS score of 9.8 reflects critical severity, and the vulnerability is not listed in CISA KEV. The EPSS score is < 1%, indicating a very low but nonzero exploitation probability.

Generated by OpenCVE AI on May 14, 2026 at 22:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the imgaug library to the latest released version that removes the insecure deserialization or replaces pickle usage.
  • If upgrading is not immediately possible, ensure that data enqueued to the multiprocessing queue is sourced only from trusted or validated inputs and restrict queue producers.
  • As a temporary measure, disable or remove the BackgroundAugmenter component or replace it with a safer alternative that does not rely on pickle deserialization.

Generated by OpenCVE AI on May 14, 2026 at 22:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-g82g-j283-hj97 imgaug contains an insecure deserialization vulnerability in BackgroundAugmenter class within multicore.py module
History

Thu, 14 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Insecure Deserialization in imgaug BackgroundAugmenter Allows Remote or Local Code Execution

Thu, 14 May 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 13 May 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Aleju
Aleju imgaug
Vendors & Products Aleju
Aleju imgaug

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Title Insecure Deserialization in imgaug BackgroundAugmenter Allows Remote or Local Code Execution
Weaknesses CWE-502

Tue, 12 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario.
References

Subscriptions

Aleju Imgaug
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-14T19:54:30.058Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31235

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-12T18:16:51.860

Modified: 2026-05-14T20:17:02.937

Link: CVE-2026-31235

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-14T22:30:25Z

Weaknesses