Home / Vulnerability Intelligence / CVE-2026-31048

CVE-2026-31048 - Vulnerability Analysis

N/a

Last Updated: April 13, 2026

Pyro - Remote Code Execution

Published: April 13, 2026Updated: April 13, 2026PoC Available

Overview

Pyro v3.x contains an insecure deserialization vulnerability caused by unsafe handling of crafted pickled string messages, letting attackers execute arbitrary code remotely, exploit requires sending crafted pickled data.

Severity & Score

Severity: N/a

Impact

Attackers can execute arbitrary code remotely, potentially leading to full system compromise.

Mitigation

Update to the latest version of Pyro.

References

https://github.com/Sif-0x01/security-advisories/security/advisories/GHSA-7625-w9h5-83rv
https://github.com/irmen/Pyro3/blob/master/Pyro/protocol.py#L672-L711
https://github.com/irmen/Pyro3/blob/master/docs/9-security.html#L341-L346

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31048
Severity: N/a
Type: insecure_deserialization
Status: new

CVSS Metrics

N/A