Home / Vulnerability Intelligence / CVE-2026-3071

CVE-2026-3071 - Vulnerability Analysis

HighCVSS: 8.4

Last Updated: February 26, 2026

Flair - Insecure Deserialization

Published: February 26, 2026Updated: February 26, 2026

Overview

Flair 0.4.1 to latest contains an insecure deserialization caused by loading malicious models in the LanguageModel class, letting attackers execute arbitrary code remotely, exploit requires loading a malicious model.

Severity & Score

Severity: High

CVSS Score: 8.4

Impact

Attackers can execute arbitrary code remotely by loading a malicious model, potentially compromising the system.

Mitigation

Update to the latest version with deserialization fixes.

References

https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3071
Severity: High
CVSS Score: 8.4
Type: insecure_deserialization
Status: new

CWE

CWE-502

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H