Severity score: 9.8
CVE-2026-31237: Ludwig framework predict() method deserializes malicious data
CVE-2026-31237
GHSA-wcr3-gm9f-f87q
Summary
The Ludwig framework's predict() method can load and execute malicious code from a pickle file, allowing an attacker to run arbitrary code on the system. This can happen if a user provides a malicious pickle file to the predict() method. To protect against this, ensure that only trusted users can provide files to the predict() method and consider validating the file format before loading it.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | ludwig | <= 0.10.4 |
Original title
Ludwig framework is vulnerable to insecure deserialization through its predict() method.
Original description
The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the framework automatically determines the file format from the path. If the file is a pickle (.pkl) file, it is loaded using pandas.read_pickle() without any validation or security restrictions. This allows the deserialization of arbitrary Python objects via the unsafe pickle module. A remote attacker can exploit this by providing a maliciously crafted pickle file, leading to arbitrary code execution on the system running the Ludwig prediction.
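As an added illustration (not Ludwig's code and not part of this advisory), a gatekeeper that a caller can place in front of predict() while no fix is available: it allowlists dataset extensions so nothing is routed to pandas.read_pickle(), and it also sniffs the file header for the pickle PROTO opcode so a pickle renamed to an allowed extension is refused. The allowlist, the safe_predict wrapper and the sample files are assumptions constructed for the demonstration.

```python
import os
import pickle
import tempfile
from typing import Dict, Tuple

# Constructed allowlist of dataset formats that Ludwig parses without
# deserializing Python objects. Pickle-family extensions are left out on
# purpose, since Ludwig <= 0.10.4 routes them to pandas.read_pickle().
SAFE_DATASET_EXTENSIONS = {".csv", ".tsv", ".json", ".jsonl", ".parquet"}


def dataset_path_is_safe(path: str) -> Tuple[bool, str]:
    """Return (ok, reason). Rejects disallowed extensions and, independent of
    the extension, content that begins with the pickle PROTO opcode (0x80
    followed by a protocol number), so a renamed pickle is also refused."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in SAFE_DATASET_EXTENSIONS:
        return False, f"extension {ext or '(none)'} is not on the allowlist"
    try:
        with open(path, "rb") as fh:
            head = fh.read(2)
    except OSError as exc:
        return False, f"cannot read file: {exc}"
    if len(head) == 2 and head[0] == 0x80 and 2 <= head[1] <= pickle.HIGHEST_PROTOCOL:
        return False, "content starts with a pickle PROTO opcode"
    return True, "ok"


def safe_predict(model, dataset_path: str, **kwargs):
    """Hypothetical gatekeeper in front of LudwigModel.predict(dataset=...):
    the model object is whatever the caller already holds."""
    ok, reason = dataset_path_is_safe(dataset_path)
    if not ok:
        raise ValueError(f"refusing to predict on {dataset_path!r}: {reason}")
    return model.predict(dataset=dataset_path, **kwargs)


def make_sample_files() -> Dict[str, str]:
    """Constructed inputs in a temp dir: a benign CSV, a harmless pickle with
    the .pkl extension, and the same pickle renamed to .csv."""
    directory = tempfile.mkdtemp()
    paths = {"csv": os.path.join(directory, "rows.csv"),
             "pkl": os.path.join(directory, "rows.pkl"),
             "disguised": os.path.join(directory, "rows_renamed.csv")}
    with open(paths["csv"], "w") as fh:
        fh.write("text,label\nhello,1\n")
    for key in ("pkl", "disguised"):
        with open(paths[key], "wb") as fh:
            pickle.dump({"text": ["hello"], "label": [1]}, fh)
    return paths
```

Calling safe_predict(model, path) in place of model.predict(dataset=path) rejects the .pkl file and the renamed pickle before any deserialization happens, while the CSV passes through unchanged.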
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 12 May 2026 · Updated: 31 May 2026 · First seen: 13 May 2026