Home / Vulnerability Intelligence / CVE-2026-31228

CVE-2026-31228 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: May 13, 2026

Adversarial Robustness Toolbox - Remote Code Execution

Published: May 12, 2026Updated: May 13, 2026Remote Exploitable

Overview

Adversarial Robustness Toolbox (ART) <= 1.20.1 contains a remote code execution caused by unsafe use of eval() in the Kubeflow component's robustness evaluation function for PyTorch models, letting attackers execute arbitrary Python code remotely, exploit requires crafted input strings.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can execute arbitrary Python code remotely, leading to full system compromise.

Mitigation

Update to a version later than 1.20.1 or the latest available version.

References

https://github.com/Trusted-AI/adversarial-robustness-toolbox
https://www.notion.so/CVE-2026-31228-35d1e1393188817f9ab0dc4b1651dfe9

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-31228
Severity: Critical
CVSS Score: 9.8
Type: command_injection
Status: unconfirmed

CWE

CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H