CVE 9.8 CRITICAL

CVE-2026-31239_CVE-2026-31239

May 14, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by publishing a malicious model repository on HuggingFace Hub. When a victim loads a model from this repository, arbitrary code is executed on the victim's system in the context of the mamba process.

AI Analysis

Insecure deserialization vulnerability in mamba language model framework

Basic Information

ID CVE-2026-31239

Source mitre

Published May 12, 2026 at 00:00

Modified May 14, 2026 at 19:54

Affected Product

Vendor state-spaces

Product mamba

Version 2.2.6

Affected Versions n/a n/a n/a

CWE Classification

CWE-502

AI Assessment

AI Score 9.8 / 10

AI Severity CRITICAL

Vendor state-spaces

Product mamba

Version 2.2.6

References

{
    "lastseen": "",
    "description": "The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by publishing a malicious model repository on HuggingFace Hub. When a victim loads a model from this repository, arbitrary code is executed on the victim's system in the context of the mamba process.",
    "published": "2026-05-12T00:00:00.000Z",
    "modified": "2026-05-14T19:54:17.202Z",
    "type": "cve",
    "title": "CVE-2026-31239",
    "source": "mitre",
    "references": "https://github.com/state-spaces/mamba\nhttps://www.notion.so/CVE-2026-31239-35d1e1393188810d9baedfbd8363f396",
    "id": "CVE-2026-31239",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mamba",
    "version": "2.2.6",
    "vendor": "state-spaces",
    "ai_description": "Insecure deserialization vulnerability in mamba language model framework",
    "ai_severity": "CRITICAL",
    "ai_vendor": "state-spaces",
    "ai_product": "mamba",
    "ai_version": "2.2.6",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply