CVE-2026-38950

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

Description

AI Translation Available

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE…

https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md

https://github.com/esa/AnomalyMatch/pull/9

https://imlabs.info/research/security_advisory_esa_anomaly_…

https://imlabs.info/research/security_advisory_esa_anomaly_match_unsafe_deseria…

CVE-2026-38950

Description

Iscriviti alla newsletter