CVE-2020-14343

CRITICAL

PyYAML < 5.4 - Remote Code Execution via Python Object Constructor

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-14343. PoCs published by j4k0m, sijie52, Kairo-one.

AI-analyzed exploit summary This repository contains a Flask web application demonstrating CVE-2020-14343, an insecure deserialization vulnerability in PyYAML leading to remote command execution. The PoC accepts base64-encoded YAML input and processes it using `yaml.load`, which can execute arbitrary code if malicious YAML is provided.

Description

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Exploits (3)

nomisec WORKING POC 3 stars
by j4k0m · poc
https://github.com/j4k0m/loader-CVE-2020-14343

This repository contains a Flask web application demonstrating CVE-2020-14343, an insecure deserialization vulnerability in PyYAML leading to remote command execution. The PoC accepts base64-encoded YAML input and processes it using `yaml.load`, which can execute arbitrary code if malicious YAML is provided.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: PyYAML (versions affected by CVE-2020-14343)
No auth needed
Prerequisites: Network access to the vulnerable application · Ability to send crafted YAML payloads
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by sijie52 · poc
https://github.com/sijie52/yasa-cve-2020-14343

This PoC demonstrates CVE-2020-14343, a deserialization vulnerability in PyYAML where unsafe loading of YAML content can lead to arbitrary code execution. The exploit uses `yaml.UnsafeLoader` to execute the `whoami` command via a crafted YAML payload.

Classification
Working Poc 100%
Attack Type
Deserialization
Complexity
Trivial
Reliability
Reliable
Target: PyYAML (versions before 5.4)
No auth needed
Prerequisites: PyYAML installed with vulnerable version · Ability to pass malicious YAML input to the application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Kairo-one · poc
https://github.com/Kairo-one/CVE-2020-14343-PyYAML

This repository contains a functional PoC for CVE-2020-14343, a PyYAML deserialization vulnerability allowing RCE via crafted YAML payloads. The exploit uploads a malicious YAML file to a target endpoint and triggers deserialization to achieve a reverse shell.

Classification
Working Poc 95%
Attack Type
Deserialization
Complexity
Moderate
Reliability
Reliable
Target: PyYAML < 5.4
No auth needed
Prerequisites: Target must use `yaml.load()` on untrusted input · Network access to target's `/upload` and `/login` endpoints
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 9.8
EPSS 0.1370
EPSS Percentile 94.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (4)
oracle/communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle/communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
pypi/PyYAML 0 - 5.4PyPI
pyyaml/pyyaml 5.1 - 5.4
Published Feb 09, 2021
Tracked Since Feb 18, 2026