CVE-2026-31228

Published: May 12, 2026

Modified: May 13, 2026

PUBLISHED

Description

The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Trusted-AI/adversarial-robustness-toolbox

https://www.notion.so/CVE-2026-31228-35d1e1393188817f9ab0dc4b1651dfe9

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31228

Description

Affected Products

References