Vulnerability Description
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and --input_shape command-line arguments. This allows an attacker to inject arbitrary Python code into these arguments, which will be executed when eval() is called. The vulnerability can be exploited remotely if an attacker can control these arguments (e.g., through pipeline configuration or automated scripts), leading to arbitrary code execution on the system running the ART evaluation.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/Trusted-AI/adversarial-robustness-toolbox
- https://www.notion.so/CVE-2026-31230-35d1e13931888126b624d12769c0e040
FAQ
What is CVE-2026-31230?
CVE-2026-31230 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the uns...
How severe is CVE-2026-31230?
CVE-2026-31230 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-31230?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.