{"id":"CVE-2026-31222","details":"The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exploit this by providing a maliciously crafted model file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.","aliases":["GHSA-78cp-f66x-qmh5","PYSEC-2026-3068"],"modified":"2026-07-13T16:43:08.592891117Z","published":"2026-05-12T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31222.json"},"references":[{"type":"WEB","url":"https://www.notion.so/CVE-2026-31222-35d1e139318881db8398e0732af8df6d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31222.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31222"},{"type":"PACKAGE","url":"https://github.com/snorkel-team/snorkel"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/snorkel-team/snorkel","events":[{"introduced":"0"},{"last_affected":"9b642a212abec640a868ccc558fa3dbeb4c6a390"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:snorkel:snorkel:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"0.10.0"}]}}],"versions":["v0.10.0","v0.9.9","v0.9.8","v0.9.7","v0.9.6","v0.9.5","v0.9.4","v0.9.3","v0.9.2","v0.9.1","v0.9.0","v0.7.0-beta","v0.6.3","v0.6.2","v0.6.1","v0.6","v0.5","v0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31222.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}