PatchSiren

Trusted AI CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Trusted AI CVE published 2026-05-12

CVE-2026-31230

The Adversarial Robustness Toolbox (ART), in versions up to 1.20.1, contains a command-line argument injection vulnerability. The vulnerability is located in the Kubeflow component, specifically in the robustness_evaluation_fgsm_pytorch.py script. The script uses the eval() function to parse string values from the --clip_values and --input_shape command-line arguments without proper sanitization. This allows a [truncated]

CRITICAL Trusted-AI CVE published 2026-05-12

CVE-2026-31228

The Adversarial Robustness Toolbox (ART), in version 1.20.1 and earlier, contains a critical vulnerability in its Kubeflow component that allows remote code execution. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. This vulnerability, [truncated]