CVE-2026-31217 - Vulnerability Analysis
Critical
CVSS: 9.8
Last Updated: May 13, 2026
Optimate - Remote Code Execution
Published: May 12, 2026
Updated: May 13, 2026
Remote Exploitable
Overview
Optimate contains a remote code execution vulnerability caused by unsanitized execution of the module.py file from a user-supplied directory, passed via the --model argument, in _load_model(). This lets attackers execute arbitrary Python code. Exploitation requires attacker control of the input directory.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Attackers who control the input directory can execute arbitrary Python code, potentially leading to full system compromise.
Mitigation
Validate and sanitize the contents of module.py before execution or avoid using exec() on untrusted input.
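One way to gate execution of module.py, shown as an added example that is not Optimate's code: the loader below runs the file only when it resolves under a trusted root and its SHA-256 matches a reviewed digest. The names `load_model_module`, `trusted_root` and `pinned_sha256` are hypothetical, and the directories and file contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path


class UntrustedModelError(Exception):
    """Raised when a --model directory fails the trust checks."""


def load_model_module(model_dir, trusted_root, pinned_sha256):
    """Run <model_dir>/module.py only if it passes both checks (hypothetical helper).

    1. The resolved path stays under trusted_root (rejects ../ and symlink escapes).
    2. The file's SHA-256 is in the set of reviewed digests.
    """
    root = Path(trusted_root).resolve()
    target = (Path(model_dir) / "module.py").resolve()
    if root not in target.parents or not target.is_file():
        raise UntrustedModelError(f"{target} is not a file under {root}")
    source = target.read_bytes()  # read once so the hashed bytes are the executed bytes
    digest = hashlib.sha256(source).hexdigest()
    if digest not in pinned_sha256:
        raise UntrustedModelError(f"unreviewed module.py, sha256={digest}")
    namespace = {"__name__": "model_module"}
    exec(compile(source, str(target), "exec"), namespace)
    return namespace


def demo():
    """Constructed sample: one reviewed directory and two that must be refused."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "models"
        dirs = {"reviewed": root / "reviewed", "tampered": root / "tampered",
                "outside_root": Path(tmp) / "upload"}
        for path in dirs.values():
            path.mkdir(parents=True)
            (path / "module.py").write_text("def build():\n    return 'ok'\n")
        pins = {hashlib.sha256((dirs["reviewed"] / "module.py").read_bytes()).hexdigest()}
        # Stand-in for unreviewed code; raising here would mean it was executed.
        (dirs["tampered"] / "module.py").write_text("raise RuntimeError('executed')\n")
        results = {}
        for name, path in dirs.items():
            try:
                results[name] = load_model_module(path, root, pins)["build"]()
            except UntrustedModelError:
                results[name] = "rejected"
        return results


if __name__ == "__main__":
    print(demo())
```

The digest pin only establishes that the file is the one that was reviewed; it does not sandbox the reviewed code, which still runs with the loader's privileges.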
Details
- CVE ID: CVE-2026-31217
- Severity: Critical
- CVSS Score: 9.8
- Type: command_injection
- Status: unconfirmed
CWE
- CWE-94
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H