top of page
perceptive_background_267k.jpg

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files…

Published:

31 mei 2026 om 22:00:00

Alert date:

1 juni 2026 om 22:04:03

Source:

nvd.nist.gov

Click to open the original link from this advisory

Security Tools, Emerging Technologies

A critical vulnerability in ESA AnomalyMatch before version 1.3.1 allows attackers to execute arbitrary code through crafted model checkpoint files. The vulnerability stems from the use of torch.load() with unrestricted deserialization when loading model files from session directories. This unsafe deserialization flaw can be exploited by attackers who can provide malicious model checkpoint files to the application. The vulnerability affects the core functionality of the machine learning components that handle model loading operations.

Technical details

Mitigation steps:

Affected products:

ESA AnomalyMatch

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-38950
https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md
https://github.com/esa/AnomalyMatch/pull/9
https://imlabs.info/research/security_advisory_esa_anomaly_match_unsafe_deserialization_cve_2026_38950_ivan_markovic_052026.html

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page