PatchSiren cyber security CVE debrief
CVE-2026-31228 Trusted-AI CVE debrief
The Adversarial Robustness Toolbox (ART), version 1.20.1 and earlier, contains a critical remote code execution vulnerability in its Kubeflow component, tracked as CVE-2026-31228 with a CVSS score of 9.8. The robustness evaluation function for PyTorch models passes the user-supplied LossFn and Optimizer parameters to Python's eval() with no sanitization or restriction, so a string that contains arbitrary Python code is executed when eval() is called. A caller who controls either parameter can therefore fully compromise the system running the ART evaluation. Users of ART should update to a version that addresses this vulnerability.
- Vendor: Trusted-AI
- Product: Adversarial Robustness Toolbox (ART)
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-12
- Original CVE updated: 2026-06-30
- Advisory published: 2026-05-12
- Advisory updated: 2026-06-30
Who should care
Anyone running ART version 1.20.1 or earlier should prioritize updating. The vulnerable code is in ART's Kubeflow component, so the teams exposed are those that run ART robustness evaluations of PyTorch models as Kubeflow jobs, above all where the LossFn and Optimizer parameters of those jobs can be set by users other than the platform operator. Given the critical 9.8 score and the fact that exploitation needs nothing more than a crafted parameter string, this warrants immediate attention.
Technical summary
Within ART's Kubeflow component, the robustness evaluation function for PyTorch models accepts LossFn and Optimizer as strings and resolves them by calling eval() on the raw value. Nothing restricts what the string may contain, so any Python expression supplied for either parameter runs with the privileges of the evaluation process, and a caller who controls those parameters gets code execution on the host. The issue is tracked as CVE-2026-31228, is rated CVSS 9.8 (critical), and affects ART versions up to and including 1.20.1. The check a practitioner can apply to their own code is the same as the bug's mechanism: any code path that turns a configuration string into a loss or optimizer by way of eval() or exec() is this class of vulnerability, whether or not it is reached through Kubeflow.
Defensive priority
High. Update ART first. Where the Kubeflow component is in use, also establish who can set the LossFn and Optimizer parameters of robustness evaluation jobs, and make sure those values never reach eval() unvalidated.
Recommended defensive actions
- Update ART to a version that addresses CVE-2026-31228; the stored evidence does not name the fixed release, so confirm it against the vendor advisory before relying on it.
- If you maintain a fork or cannot update yet, replace the eval() call on LossFn and Optimizer with a lookup against a fixed allowlist of supported losses and optimizers and reject everything else; do not try to sanitize the string and keep the eval().
- Validate user-supplied strings on the way in: accept only known names (optionally with literal keyword arguments), never arbitrary expressions.
- Log and alert on rejected or unexpected LossFn and Optimizer values submitted to the robustness evaluation function; a value containing function calls, attribute access or imports is a clear indicator of attempted exploitation.
- Until the patch is applied, use compensating controls: restrict who can submit evaluation jobs to the Kubeflow component, limit the evaluation workload's network egress, run it under least privilege, and add monitoring around it.
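The block below is an added example for this debrief and not ART's source code. It reconstructs the pattern the technical summary describes (a user string handed to eval() to pick a loss or optimizer) and places the allowlist-based replacement recommended above next to it, together with a small audit helper for the logging action. The names resolve_with_eval, parse_spec, validate_spec, resolve_from_allowlist, audit_specs and the two registries are assumptions; torch is not imported so the example runs offline, and the registries hold constructed stand-in constructors that return a descriptive string instead of a real loss or optimizer.

```python
"""Added example: the eval() resolver pattern described for CVE-2026-31228
beside an allowlist-based replacement. Illustrative code, not ART's source;
all names here are assumptions and the registries are constructed stand-ins."""
import ast

# Constructed stand-ins for loss/optimizer constructors (no torch needed).
def cross_entropy_loss():
    return "CrossEntropyLoss()"

def adam(lr=1e-3):
    return f"Adam(lr={lr})"

LOSS_REGISTRY = {"CrossEntropyLoss": cross_entropy_loss}
OPTIMIZER_REGISTRY = {"Adam": adam}

# Harmless sink used to show that eval() really executes caller-chosen code.
SIDE_EFFECTS = []


def resolve_with_eval(spec):
    """Vulnerable pattern: the user string is handed to eval() unchanged.
    Any expression runs here, e.g. __import__('os').system('...')."""
    return eval(spec)


class UnsafeSpec(ValueError):
    """Raised for any spec that is not 'Name' or 'Name(k=<literal>, ...)'."""


def parse_spec(spec):
    """Turn 'Adam' or 'Adam(lr=0.01)' into (name, kwargs) without executing it.
    ast.parse only builds a syntax tree; nothing is evaluated. Only a bare
    identifier, optionally called with constant keyword arguments, passes.
    A negative literal such as lr=-1 parses as UnaryOp and is rejected too;
    that is deliberate conservatism."""
    if not isinstance(spec, str):
        raise UnsafeSpec("spec must be a string")
    try:
        node = ast.parse(spec.strip(), mode="eval").body
    except SyntaxError as exc:
        raise UnsafeSpec(f"unparseable spec: {spec!r}") from exc
    if isinstance(node, ast.Name):
        return node.id, {}
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and not node.args:
        kwargs = {}
        for kw in node.keywords:
            if kw.arg is None or not isinstance(kw.value, ast.Constant):
                raise UnsafeSpec(f"non-literal argument in {spec!r}")
            kwargs[kw.arg] = kw.value.value
        return node.func.id, kwargs
    raise UnsafeSpec(f"rejected spec shape: {spec!r}")


def validate_spec(spec, registry):
    """Parse, then check the name against the allowlist; returns (ctor, kwargs)."""
    name, kwargs = parse_spec(spec)
    if name not in registry:
        raise UnsafeSpec(f"{name!r} is not an allowed name")
    return registry[name], kwargs


def resolve_from_allowlist(spec, registry):
    """Hardened replacement for resolve_with_eval: allowlist lookup plus
    literal-only keyword arguments. Unknown parameters surface as UnsafeSpec
    instead of reaching the constructor with attacker-controlled values."""
    ctor, kwargs = validate_spec(spec, registry)
    try:
        return ctor(**kwargs)
    except TypeError as exc:
        raise UnsafeSpec(f"bad arguments for {spec!r}: {exc}") from exc


def is_rejected(spec, registry):
    """True if the hardened resolver refuses the spec."""
    try:
        validate_spec(spec, registry)
        return False
    except UnsafeSpec:
        return True


def audit_specs(specs, registry):
    """Detection helper: return the (spec, reason) pairs the allowlist would
    refuse, e.g. to flag suspicious LossFn/Optimizer values in job configs."""
    findings = []
    for spec in specs:
        try:
            validate_spec(spec, registry)
        except UnsafeSpec as exc:
            findings.append((spec, str(exc)))
    return findings


if __name__ == "__main__":
    # Constructed payload: still returns a valid loss, but runs attacker code first.
    payload = "SIDE_EFFECTS.append('attacker code ran') or cross_entropy_loss()"
    print(resolve_with_eval(payload), SIDE_EFFECTS)
    print(resolve_from_allowlist("Adam(lr=0.01)", OPTIMIZER_REGISTRY))
    print(audit_specs([payload, "Adam(lr=0.01)", "__import__('os')"], OPTIMIZER_REGISTRY))
```

The point of parse_spec is that it never runs the string: ast.parse builds a tree, and the resolver then accepts only the two shapes it understands. Rejecting everything else, rather than stripping "dangerous" substrings from an expression that still goes to eval(), is what closes the hole.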
Evidence notes
The CVE-2026-31228 record was published on May 12, 2026 and last modified on June 30, 2026. The stored evidence gives the affected range as ART versions up to 1.20.1 and the CVSS score as 9.8 (critical); it does not name the fixed release, record known exploitation, or describe the vendor's remediation workflow.
Official resources
- CVE-2026-31228 CVE record (CVE.org)
- CVE-2026-31228 NVD detail (NVD)
- Source item: nvd_modified
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.