PYSEC-2026-404

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ludwig/PYSEC-2026-404.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-404
Aliases
Published
2026-06-29T11:50:49.017719Z
Modified
2026-07-01T20:22:56.815545Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Ludwig framework is vulnerable to insecure deserialization through its predict() method.
Details

The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework automatically determines the file format from the path. If the file is a pickle (.pkl) file, it is loaded using pandas.read_pickle() without any validation or security restrictions. This allows the deserialization of arbitrary Python objects via the unsafe pickle module. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the system running the Ludwig prediction.
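The core of the issue above is that the file format is inferred from the path and pickle is one of the inferred formats. The following is an added defensive example, not Ludwig code and not taken from the advisory: a pre-check that a calling service can run on a user-supplied dataset path before it reaches any predict() that infers formats. It rejects pickle extensions, rejects any extension outside an allow-list, and sniffs the first bytes so that a pickle renamed to `.csv` is also caught. The allow-list, the `safe_predict` wrapper and its assumption that the model object exposes `predict(dataset=...)` are ours; only the pickle protocol header check (opcode 0x80 followed by a protocol number for protocols 2 through 5) is a fixed property of the pickle format.

```python
"""Defensive pre-check for dataset paths handed to a format-inferring predict().

Added example (not Ludwig's own code). Assumptions: the caller controls the
path before predict() sees it, and the model object has predict(dataset=...).
"""
import os
import tempfile

# Formats a prediction service can reasonably accept; pickle is deliberately absent.
SAFE_DATASET_EXTENSIONS = {".csv", ".tsv", ".json", ".jsonl", ".parquet"}

# Extensions that pandas-style format sniffing maps to read_pickle().
PICKLE_EXTENSIONS = {".pkl", ".pickle", ".p"}

# Pickle protocol 2+ streams begin with the PROTO opcode (0x80) followed by
# the protocol number; checking the header catches a renamed pickle file.
_PICKLE_PROTO_OPCODE = 0x80


class UnsafeDatasetError(ValueError):
    """Raised when a dataset path must not be passed to a format-inferring loader."""


def _looks_like_pickle(header: bytes) -> bool:
    # Protocol 0/1 pickles have no fixed magic; extension checks cover those.
    return len(header) >= 2 and header[0] == _PICKLE_PROTO_OPCODE and 2 <= header[1] <= 5


def check_dataset_path(path: str) -> str:
    """Return the lower-cased extension if the file is acceptable; raise otherwise."""
    ext = os.path.splitext(path)[1].lower()
    if ext in PICKLE_EXTENSIONS:
        raise UnsafeDatasetError(f"refusing pickle dataset: {path}")
    if ext not in SAFE_DATASET_EXTENSIONS:
        raise UnsafeDatasetError(f"unsupported dataset format {ext!r}: {path}")
    with open(path, "rb") as fh:
        header = fh.read(2)
    if _looks_like_pickle(header):
        raise UnsafeDatasetError(f"pickle header found despite extension {ext!r}: {path}")
    return ext


def safe_predict(model, dataset_path: str):
    """Run the check before delegating to a predict(dataset=...) style API (assumed shape)."""
    check_dataset_path(dataset_path)
    return model.predict(dataset=dataset_path)


def demo() -> dict:
    """Constructed inputs: a harmless CSV, a file named .pkl, and a file with a pickle
    header renamed to .csv. The pickle bytes are only a two-byte header, nothing
    loadable. Returns which inputs were accepted or rejected."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        cases = {
            "good.csv": b"a,b\n1,2\n",
            "data.pkl": b"\x80\x04",      # constructed: protocol-4 header only
            "renamed.csv": b"\x80\x04",   # constructed: same header, misleading name
        }
        for name, content in cases.items():
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(content)
            try:
                check_dataset_path(p)
                results[name] = "accepted"
            except UnsafeDatasetError:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

The extension checks run before the file is opened, so a `.pkl` path is refused without touching the file; the header sniff is the second line of defence for renamed inputs. In a service that accepts uploads, the same check belongs at the upload boundary as well, so that a rejected file is logged with its path and header bytes rather than silently handed to the model.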

References

Affected packages

PyPI / ludwig

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Last affected
0.10.4

Affected versions

0.*
0.1.0
0.1.1
0.1.2
0.2
0.2.1
0.2.2
0.2.2.2
0.2.2.3
0.2.2.4
0.2.2.5
0.2.2.6
0.2.2.7
0.2.2.8
0.3
0.3.1
0.3.2
0.3.3
0.4rc1
0.4
0.4.1
0.5rc1
0.5rc2
0.5
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.6
0.6.1
0.6.2
0.6.3
0.6.4
0.7
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.8
0.8.1
0.8.1.post1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.10.2
0.10.3
0.10.4

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ludwig/PYSEC-2026-404.yaml"