CVE-2026-31048

CRITICAL

Pyro v3.x - Code Injection

Title source: llm

Description

An issue in the <code>pickle</code> protocol of Pyro v3.x allows attackers to execute arbitrary code via supplying a crafted pickled string message.

References (3)

Scores

CVSS v3 9.8
EPSS 0.0009
EPSS Percentile 25.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Published Apr 13, 2026
Tracked Since Apr 14, 2026