Severity score: 9.8
CVE-2026-31238: Ludwig framework model server exposes systems to code execution
CVE-2026-31238
GHSA-xp5q-5q7g-q26r
Summary
The Ludwig framework's model server is at risk if an attacker provides a malicious model file. This could allow the attacker to run any code they want on the system hosting the model server. To fix this, update to Ludwig version 0.10.5 or later, which addresses this vulnerability.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | ludwig | <= 0.10.4 |
Original title
Ludwig framework is vulnerable to insecure deserialization in its model serving component
Original description
The Ludwig framework through 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a maliciously crafted PyTorch model file, leading to arbitrary code execution on the system hosting the Ludwig model server.
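The mechanism behind the fix is an allow-list on the globals the pickle stream may resolve, which is what `torch.load(path, weights_only=True)` enforces instead of the unrestricted `torch.load(path)`. The following is an added, stand-alone illustration of that principle in plain `pickle` (not Ludwig's or PyTorch's code, and it does not import torch): a restricted Unpickler accepts a constructed state-dict-like checkpoint but refuses a file carrying an arbitrary Python object, where the default loader would happily instantiate it.

```python
import io
import pickle
from collections import OrderedDict

# Allow-list of globals a checkpoint may reference. This mirrors the idea of
# torch.load(weights_only=True): anything outside the list is refused.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; block everything else."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"blocked global {module}.{name}: not on the allow-list")


def load_restricted(data: bytes):
    """Safe loader: equivalent in spirit to torch.load(..., weights_only=True)."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_default(data: bytes):
    """Weak loader: equivalent in spirit to torch.load(path) with defaults."""
    return pickle.loads(data)


class NotAWeight:
    """Constructed stand-in for an arbitrary object a crafted file could carry."""


def build_state_dict() -> bytes:
    # Constructed benign checkpoint: only an OrderedDict of plain floats.
    return pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2])]))


def build_tampered() -> bytes:
    # Constructed checkpoint smuggling a non-tensor Python object.
    return pickle.dumps({"layer.weight": NotAWeight()})


def check_restricted(data: bytes) -> str:
    """Return 'ok' if the restricted loader accepts the file, else 'blocked'."""
    try:
        load_restricted(data)
        return "ok"
    except pickle.UnpicklingError:
        return "blocked"
```

Run against real checkpoints, the same split shows up: the default loader returns the smuggled object, while the restricted loader raises before any foreign class is instantiated.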
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 12 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026