ГлавнаяУязвимости → CVE-2026-38950
7.8высокая

CVE-2026-38950

Описание

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.mdhttps://github.com/esa/AnomalyMatch/pull/9https://imlabs.info/research/security_advisory_esa_anomaly_match_unsafe_deserialization_cve_2026_38950_ivan_markovic_052026.html