Microsoft Olive Deserialization Flaw Allows Remote Code Execution via Malicious Models
A deserialization vulnerability in Microsoft Olive (ZDI-26-273) allows remote code execution when users open malicious model files, with a CVSS score of 7.8.
Microsoft has addressed a critical deserialization vulnerability in its Olive AI optimization toolkit, tracked as ZDI-26-273, which could allow attackers to execute arbitrary code on affected systems. The flaw, disclosed on April 15, 2026, by the Zero Day Initiative (ZDI), carries a CVSS score of 7.8 and resides in how Olive parses machine learning models.
The vulnerability stems from improper validation of user-supplied data during model parsing, leading to deserialization of untrusted data. An attacker can exploit this by convincing a user to visit a malicious webpage or open a specially crafted model file. Successful exploitation grants the attacker code execution within the context of the current process, potentially compromising the entire system.
Microsoft Olive is an open-source tool used to optimize machine learning models for deployment on various hardware platforms, including CPUs, GPUs, and AI accelerators. It is widely adopted by developers and data scientists working with frameworks like PyTorch and ONNX Runtime, making the vulnerability particularly concerning for organizations integrating AI pipelines.
Microsoft has released a fix via GitHub pull request #2389, which patches the deserialization issue. Users are strongly advised to update their Olive installations immediately. The vulnerability was reported to Microsoft by researcher Xingyu Wang on December 23, 2025, with coordinated disclosure occurring on April 15, 2026.
No CVE identifier has been assigned to this vulnerability as of the advisory date. The ZDI advisory notes that the flaw affects all versions of Microsoft Olive prior to the patch. Given the tool's integration into AI development workflows, the impact could be significant if exploited in supply-chain attacks targeting model repositories.
This disclosure highlights the growing attack surface in AI development tools, where deserialization vulnerabilities can serve as entry points for compromising developer environments. Organizations using Olive should prioritize applying the patch and review their model ingestion processes to mitigate similar risks.