Description
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.
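A defensive sketch of the missing validation step, added here as an example and not taken from Boltz or its fix: an unpickler that resolves only allowlisted globals and checks the top-level type before returning. The names `load_molecule` and `ALLOWED_GLOBALS` are hypothetical, and `collections.OrderedDict` is an assumed stand-in for whatever types a legitimate molecule file contains.

```python
import io
import pickle
from collections import OrderedDict

# Assumption: the only global a legitimate file needs. A real allowlist would
# name the exact classes the application's molecule files contain.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global not named in ALLOWED_GLOBALS."""

    def find_class(self, module, name):
        # Called whenever the stream asks to import a class or callable.
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def load_molecule(data: bytes) -> OrderedDict:
    """Deserialize one molecule file, rejecting unexpected globals and types."""
    obj = AllowlistUnpickler(io.BytesIO(data)).load()
    if not isinstance(obj, OrderedDict):
        raise pickle.UnpicklingError(
            f"unexpected top-level type {type(obj).__name__}")
    return obj


def is_rejected(data: bytes) -> bool:
    """True if the loader refuses the file instead of returning an object."""
    try:
        load_molecule(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples (not real Boltz data).
GOOD_FILE = pickle.dumps(OrderedDict(N=(0.0, 0.0, 0.0), CA=(1.458, 0.0, 0.0)))
FOREIGN_FILE = pickle.dumps({"loader": len})   # stream references builtins.len
PLAIN_FILE = pickle.dumps({"N": (0.0, 0.0, 0.0)})  # no globals, wrong type

if __name__ == "__main__":
    print(load_molecule(GOOD_FILE))
    print("foreign global rejected:", is_rejected(FOREIGN_FILE))
    print("wrong type rejected:", is_rejected(PLAIN_FILE))
```

An allowlist narrows what a file can reference but does not make pickle a safe format for untrusted input; restricting write access to the processed directories and preferring a data-only format remain the stronger controls.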
References (3)
Issue Tracking
https://github.com/jwohlwend/boltz/issues/600
Various Sources
https://github.com/advisories/GHSA-fjm6-8xp2-4fwc
Scores
CVSS v3: 8.4
EPSS: 0.0009
EPSS Percentile: 26.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-502
Status: published
Products (2)
jwohlwend/boltz
2.0.0
pypi/boltz
0PyPI
Published: Feb 03, 2026
Tracked Since: Feb 18, 2026