VYPR
Advisory · Published Jun 24, 2026 · 1 source

MosaicML Composer Deserialization Flaw (CVE-2026-10043) Enables Remote Code Execution via Malicious Checkpoints

A deserialization vulnerability in MosaicML Composer, tracked as CVE-2026-10043 with a CVSS score of 7.8, allows remote attackers to execute arbitrary code by tricking users into opening malicious checkpoint files.

The Zero Day Initiative (ZDI) has disclosed a high-severity deserialization vulnerability in MosaicML Composer, a popular open-source library for training and fine-tuning machine learning models. Tracked as CVE-2026-10043 and assigned a CVSS score of 7.8, the flaw resides in the library's checkpoint parsing mechanism and can be exploited to achieve remote code execution on affected systems.

The vulnerability stems from the lack of proper validation of user-supplied data during the parsing of checkpoint files. Specifically, the software fails to sanitize untrusted data before deserializing it, allowing an attacker to craft a malicious checkpoint that, when loaded by a user, executes arbitrary code in the context of the current process. Exploitation requires user interaction, such as visiting a malicious web page or opening a specially crafted file, making it a classic weaponized document-style attack vector.

MosaicML Composer is widely used in the machine learning community for building and deploying models, particularly in environments where researchers and developers share checkpoints for collaboration or model distribution. The vulnerability poses a significant risk to any organization or individual using the library to load checkpoints from untrusted sources, as a single malicious file could lead to full system compromise.

MosaicML has released a patch to address the vulnerability, available as a commit in the official GitHub repository. Users are strongly advised to update their installations immediately. The disclosure timeline indicates that the vulnerability was reported to the vendor on February 12, 2026, and the coordinated public advisory was released on June 24, 2026.

The flaw was discovered and reported by Michael DePlante (@izobashi) of TrendAI Zero Day Initiative, who identified the deserialization issue during a security audit of the library. This vulnerability highlights the growing attack surface in machine learning pipelines, where serialized model files and checkpoints are often exchanged without adequate security scrutiny.

As machine learning frameworks become more integrated into enterprise workflows, vulnerabilities like CVE-2026-10043 underscore the need for robust input validation and secure deserialization practices. Organizations using MosaicML Composer should prioritize patching and consider implementing additional safeguards, such as scanning checkpoints for malicious content before loading them into production environments.

Synthesized by Vypr AI