{"id":"PYSEC-2026-511","summary":"Qiskit allows arbitrary code execution decoding QPY format versions \u003c 13","details":"### Impact\n\nA maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats \u003c 13. A python process calling Qiskit's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.\n\n### Patches\n\nFixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2","aliases":["CVE-2025-2000","GHSA-6m2c-76ff-6vrf","PYSEC-2026-510"],"modified":"2026-07-01T20:23:03.448348Z","published":"2026-06-29T11:50:34.706122Z","references":[{"type":"WEB","url":"https://github.com/Qiskit/qiskit/security/advisories/GHSA-6m2c-76ff-6vrf"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2000"},{"type":"PACKAGE","url":"https://github.com/Qiskit/qiskit"},{"type":"WEB","url":"https://www.ibm.com/support/pages/node/7185949"},{"type":"PACKAGE","url":"https://pypi.org/project/qiskit-terra"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-6m2c-76ff-6vrf"}],"affected":[{"package":{"name":"qiskit-terra","ecosystem":"PyPI","purl":"pkg:pypi/qiskit-terra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.18.0"},{"last_affected":"0.46.3"}]}],"versions":["0.18.0","0.18.1","0.18.2","0.18.3","0.19.0","0.19.1","0.19.2","0.20.0","0.20.1","0.20.2","0.21.0","0.21.0rc1","0.21.1","0.21.2","0.22.0","0.22.0rc1","0.22.1","0.22.2","0.22.3","0.22.4","0.23.0","0.23.0rc1","0.23.1","0.23.2","0.23.3","0.24.0","0.24.0rc1","0.24.1","0.24.2","0.25.0","0.25.0rc1","0.25.1","0.25.2","0.25.2.1","0.25.3","0.45.0","0.45.0rc1","0.45.1","0.45.2","0.45.3","0.46.0","0.46.1","0.46.2","0.46.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/qiskit-terra/PYSEC-2026-511.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}