Description
An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

ESA AnomalyMatch prior to version 1.3.1 loads model checkpoint files from session directories using the Python function torch.load without any restrictions on the payload, allowing malicious data to be deserialized and executed as arbitrary code. The vulnerability is a classic unsafe deserialization flaw that can be abused to compromise confidentiality, integrity, and availability of the system by running attacker supplied code in the host environment.

Affected Systems

The affected product is ESA’s AnomalyMatch software, specifically versions earlier than 1.3.1. No other vendors or product versions are listed in the CNA data.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, giving no clear indications of current exploitation activity. No CVSS score is provided. Based on the description, the likely attack vector involves an adversary that has the ability to place a crafted checkpoint file in a session directory or upload it through an existing API that accepts model files; this would trigger the unsafe torch.load call and allow code execution. The vulnerability is classed as a remote code execution risk with potentially high severity if exploitation conditions are met.

Generated by OpenCVE AI on June 1, 2026 at 18:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to ESA AnomalyMatch 1.3.1 or later to eliminate the unsafe deserialization.
  • If an upgrade cannot be applied immediately, deny write permissions to session directories for untrusted users or processes so that only trusted code can create or modify checkpoint files.
  • Implement file‑type validation or replace torch.load with a safe deserialization routine before loading any externally provided model checkpoints.

Generated by OpenCVE AI on June 1, 2026 at 18:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via Unsafe Model Checkpoint Deserialization in ESA AnomalyMatch
Weaknesses CWE-502

Mon, 01 Jun 2026 17:00:00 +0000

Type Values Removed Values Added
Description An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-01T18:51:52.195Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-38950

cve-icon Vulnrichment

Updated: 2026-06-01T18:50:43.019Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T17:16:59.257

Modified: 2026-06-01T18:09:03.137

Link: CVE-2026-38950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T18:45:34Z

Weaknesses