Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
1.2

datapizza-ai allows attackers to execute code via network access

CVE-2026-2970 GHSA-hg58-x52p-859c
Summary

A vulnerability in datapizza-ai's RedisCache function can be exploited by someone on the same local network, potentially allowing them to execute malicious code on your system. This is a serious issue that requires immediate attention. We recommend updating to the latest version of datapizza-ai as soon as possible to mitigate this risk.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
VendorProductAffected versionsFix available
datapizza-ai-core <= 0.0.7
datapizza datapizza_ai 0.0.2
Original title
datapizza-ai has unsafe deserialization via pickle.loads() in RedisCache
Original description
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.7. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0 4.0
nvd CVSS3.1 7.5
nvd CVSS4.0 2.1
Vulnerability type
CWE-20 Improper Input Validation
CWE-502 Deserialization of Untrusted Data
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026