CRITICAL
APScheduler
CVE published 2026-05-19
CVE-2026-31072
CVE-2026-31072 is a critical insecure deserialization issue in APScheduler's JSONSerializer and CBORSerializer. According to the supplied CVE description, the unmarshal_object flow can dynamically import modules and invoke __setstate__ on arbitrary classes available in the Python environment, creating a path to remote code execution when a crafted JSON or CBOR payload is processed. The CVE was published o [truncated]