ESA AnomalyMatch Unsafe Deserialization RCE CVE-2026-38950 Advisory

Vulnerability Overview CVE ID: CVE-2026-38950 Title: Insecure Deserialization in ESA AnomalyMatch Leads to Arbitrary Code Execution Author: Ivan Marković via Accenture Date: 26.05.2026 Summary: - AnomalyMatch is an AI system developed by ESA that uses neural networks to identify anomalous astronomical objects. - Versions prior to 1.3.1 contain an insecure deserialization vulnerability, allowing attackers to execute arbitrary code via maliciously crafted checkpoint files. - The vulnerability was fixed in version 1.3.1, released on 11.05.2026. Impact Scope Affected Product: - Vendor: European Space Agency (ESA) - Product: AnomalyMatch - Affected Versions: < 1.3.1 - Fixed Version: 1.3.1 - Repository: https://github.com/esa/AnomalyMatch Vulnerability Details: - CWE: CWE-502 (Deserialization of Untrusted Data) - CVSS 3.1: TBA - Root Cause: AnomalyMatch uses and for handling model checkpoints. delegates object reconstruction to Python's pickle module, which is insecure during deserialization; attackers can exploit this flaw to execute arbitrary code. - Trigger Conditions: Triggered when a user loads a checkpoint file generated or modified by an attacker. Impact: - Successful exploitation allows for arbitrary code execution under the privileges of the user running AnomalyMatch. - May lead to data leakage, lateral movement, or tampering with downstream scientific results. Remediation Fixed Version: 1.3.1 (Released May 11, 2026) Remediation Measures: - Removal of all and calls. - Migration of checkpoint serialization to safetensors. - No longer supporting the loading of legacy / files. Recommendation: Users should upgrade to AnomalyMatch version 1.3.1 or later. Any previously stored / checkpoints from untrusted sources should not be loaded using older versions. Disclosure Timeline February 4, 2026: Initial report sent to ESA CERT March 25, 2026: Fix pull request opened (esa/AnomalyMatch PR #9) March 27, 2026: Fix merged into the main branch May 11, 2026: AnomalyMatch v1.3.1 released May 19, 2026: CVE-2026-38950 reserved May 26, 2026: Public disclosure References AnomalyMatch v1.3.1 Release Notes Fix Pull Request Accenture AARO CVE List CWE-502: Deserialization of Untrusted Data NASA Hubble Feature: AI Unlocks Hundreds of Cosmic Anomalies AnomalyMatch Security Advisory End End Marker: END OF ADVISORY Additional Information Homepage Link: Home --- POC Code No specific POC code or exploit code is included in this page.

Goal Reached Thanks to every supporter — we hit 100%!

ESA AnomalyMatch Unsafe Deserialization RCE CVE-2026-38950 Advisory