Loading market data...
← Back to CVE feed

CVE-2026-38950

HIGH CVSS 7.8 View on NVD ↗

Description

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published: Jun 01, 2026 17:16 UTC Modified: Jun 01, 2026 21:16 UTC