VYPR
Critical severity9.8NVD Advisory· Published May 12, 2026· Updated May 26, 2026

CVE-2026-31217

CVE-2026-31217

Description

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from that directory and executes its contents directly using Python's exec() function. This design does not validate or sanitize the file's content, allowing an attacker who controls the input directory to execute arbitrary Python code in the context of the process running the script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Nebuly AI/Optimatereferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:nebuly:optimate:2024-07-21:*:*:*:*:*:*:*
    • (no CPE)range: = a6d302f912b481c94370811af6b11402f51d377f

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.