Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-31219

AI Predicted 9.8 Difficulty: Easy EPSS 0.46% · P65

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

VendorProductVersion RangeStatus
n/an/an/aaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-31219

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When a user provides a single model file path (e.g., .pt or .pth) via the --model command-line argument, the function loads the file using torch.load() without enabling the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects through the Pickle module. A remote attacker can exploit this by providing a maliciously crafted model file, leading to arbitrary code execution during deserialization on the victim's system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
OptiMate 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OptiMate是Nebuly开源的一个AI模型优化工具库。 optimate存在安全漏洞,该漏洞源于neural_magic_training.py脚本中的_load_model()函数使用torch.load()加载模型文件时未启用weights_only=True参数,导致不安全的反序列化,远程攻击者可通过提供恶意构造的模型文件导致任意代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2026-31219

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-31219

登录查看更多情报信息。

Same Patch Batch · n/a · 2026-05-12 · 60 CVEs total

CVE-2026-20754Intel NPU Drivers 代码问题漏洞
CVE-2026-20714Intel QAT software drivers for Windows 缓冲区错误漏洞
CVE-2025-35991Intel Xeon Scalable Processors 安全漏洞
CVE-2025-35990Intel Endpoint Management Assistant 输入验证错误漏洞
CVE-2025-35979Intel Processors 安全漏洞
CVE-2025-36510Intel Display Virtualization for Windows OS driver 缓冲区错误漏洞
CVE-2026-20793Intel QAT software drivers for Windows 安全漏洞
CVE-2026-20782Intel QAT software drivers for Windows 安全漏洞
CVE-2026-20772Intel Connectivity Performance Suite 代码问题漏洞
CVE-2026-20771Intel QAT software drivers for Windows 代码问题漏洞
CVE-2026-20794Intel Data Center Graphics Driver 安全漏洞
CVE-2026-20753Intel Slim Bootloader 输入验证错误漏洞
CVE-2026-20751Intel Data Center Graphics Driver 缓冲区错误漏洞
CVE-2026-20738Intel QuickAssist Adapter 8960 安全漏洞
CVE-2026-20718Intel NPU Driver for Linux和Intel NPU Driver for Windows 安全漏洞
CVE-2026-20717Intel QAT software drivers for Windows 输入验证错误漏洞
CVE-2025-65719kubectl-mcp-server 安全漏洞
CVE-2025-70842FluentCMS 跨站脚本漏洞
CVE-2026-31222Snorkel 安全漏洞
CVE-2026-31239Mamba 安全漏洞

Showing top 20 of 60 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2026-31219

No comments yet

Leave a comment