Bug 2476522 (CVE-2026-31228)

Summary: CVE-2026-31228 adversarial-robustness-toolbox: kubeflow: Adversarial Robustness Toolbox (ART) Kubeflow: Remote code execution via unsanitized user input
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: jkoehler, lphiri
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Adversarial Robustness Toolbox (ART), specifically within its Kubeflow component. The robustness evaluation function for PyTorch models uses the `eval()` function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without proper sanitization. A remote attacker can exploit this by providing a specially crafted string containing arbitrary Python code, leading to remote code execution and complete compromise of the system running the ART evaluation.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-12 16:02:16 UTC
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.