{"id":"CVE-2026-31223","details":"The snorkel library thru v0.10.0 contains a critical insecure deserialization vulnerability (CWE-502) in the BaseLabeler.load() method of the BaseLabeler class. The method loads serialized labeler models using the unsafe pickle.load() function on user-supplied file paths without any validation or security controls. Python's pickle module is inherently dangerous for deserializing untrusted data, as it can execute arbitrary code during the deserialization process. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the victim's system when the file is loaded via the vulnerable method.","aliases":["GHSA-fq92-qc8f-482v"],"modified":"2026-07-08T08:12:46.786080344Z","published":"2026-05-12T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31223.json"},"references":[{"type":"WEB","url":"https://www.notion.so/CVE-2026-31223-35d1e1393188811ab1d0e4a8a2e67992"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31223.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31223"},{"type":"PACKAGE","url":"https://github.com/snorkel-team/snorkel"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/snorkel-team/snorkel","events":[{"introduced":"0"},{"last_affected":"9b642a212abec640a868ccc558fa3dbeb4c6a390"}],"database_specific":{"source":"CPE_RANGE","cpe":"cpe:2.3:a:snorkel:snorkel:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"0.10.0"}]}}],"versions":["v0.10.0","v0.9.9","v0.9.8","v0.9.7","v0.9.6","v0.9.5","v0.9.4","v0.9.3","v0.9.2","v0.9.1","v0.9.0","v0.7.0-beta","v0.6.3","v0.6.2","v0.6.1","v0.6","v0.5","v0.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-31223.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}