CVE-2026-7712
Description
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization of untrusted data. The attack can be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
MindsDB up to 26.01 contains a pickle deserialization vulnerability in its BYOM Pickle Handler, allowing remote attackers to achieve arbitrary code execution via a crafted model.
Vulnerability
Overview
The MindsDB BYOM (Bring Your Own Model) feature allows users to upload custom Python model code. The vulnerability resides in the Pickle Handler, which uses pickle.loads() during model prediction to deserialize model state. An attacker can craft a malicious pickle object containing a __reduce__() method that executes arbitrary code upon deserialization [1].
Exploitation
The attack is carried out remotely without requiring authentication. The exploitation sequence involves: uploading a malicious BYOM handler via the PUT /api/handlers/byom/<engine_name> endpoint, registering it as an ML engine, creating a model that triggers train() to pickle the malicious object, and then querying the model to invoke predict(), which calls pickle.loads() on the stored state. This triggers the __reduce__() method, leading to arbitrary code execution [1].
Impact
Successful exploitation allows an attacker to execute arbitrary code on the MindsDB server. This can lead to full system compromise, data exfiltration, or lateral movement within the network. The vulnerability is publicly disclosed and may be actively exploited [1].
Mitigation
The vendor was contacted but did not respond, and no official patch is available as of the disclosure date. Users should restrict network access to the MindsDB API, avoid using the BYOM feature with untrusted models, and monitor for suspicious activity. Given the public exploit, this vulnerability should be prioritized for mitigation [1].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.
References: 4
News mentions: 0 (no linked articles in the index yet)