Remote Code Execution
333 entries
Every Remote Code Execution entry VulnWatch has indexed, sorted by publication date.
lmdeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out
> ## 📋 Reframing (2026-05-02): implicit unsafe remote-code path, not "supply-chain"
>
> The accurate description of this vulnerability is: **"`get_model_arch` and related helpers hardcode `trust_re...
Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler
## Summary

Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton...
LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization
## Summary

lmdeploy hardcodes `trust_remote_code=True` in multiple HuggingFace model-loading call sites. The affected code paths are in:

```text
lmdeploy/archs.py
lmdeploy/utils.py
```

The vulner...
Diffusers: TOCTOU Trust Remote Code Bypass
## Background

This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the `DiffusionPipeline.from_pretrained` flow, which...
CVE-2026-24163: NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deseri
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code executi...
CVE-2026-24142: NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful ex
NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and in...
CVE-2025-33255: NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserial
NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution...
9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes
## Summary

9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process...
CVE-2026-33233: AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.6.34 through 0.6.51, the backend deserializes Redis cache bytes...
MLflow Creates a Temporary File With Insecure Permissions
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_c...
CVE-2026-4137: In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` cr
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_c...
CVE-2026-47092: Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attac
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment varia...
ChromaDB Python project has a pre-authentication code injection vulnerability
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a maliciou...
CVE-2026-45829: A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an un
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a maliciou...
SGLang: Multimodal scheduler deserializes untrusted pickle data on 0.0.0.0 ROUTER socket
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern...
SGLang: Unauthenticated RCE via --enable-custom-logit-processor
SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will...
CVE-2026-7304: SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-lo
SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will...
CVE-2026-7301: SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that cal
SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the interne...
AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
## Summary

**Type:** Classic shell-metacharacter injection. The YPTSocket notification branch in `plugin/Live/on_publish.php` builds an `execAsync()` command line by string concatenation, single-quot...
python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection
## Summary

`_prepare_environment()` in `cli_communication_protocol.py` passes a full copy of `os.environ` to every CLI subprocess. When combined with the Command Injection vulnerability (CWE-78) in `...
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
### Summary

The `task_create` tool spawns durable sub-agents that inherit two insecure defaults:

- `allow_shell` defaults to `true` (`config.rs:1499`: `self.allow_shell.unwrap_or(true)`)
- `auto_app...
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
### Summary

The `run_tests` tool executes `cargo test` in the workspace with `ApprovalRequirement::Auto`, meaning it runs without any user approval prompt. The source code explicitly states this desi...
Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoint Allows Privilege Escalation to Code Execution
### Summary

The tool update endpoint (`POST /api/v1/tools/id/{id}/update`) is missing the `workspace.tools` permission check that is present on the tool create endpoint. This allows a user who has be...
pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in packages.js template literal
## Summary

The `packages.js` template at `src/pyload/webui/app/themes/modern/templates/js/packages.js:172` interpolates a stored link URL into a template literal inside single-quoted HTML and then wr...
CVE-2026-8597: Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3
Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution...