CRITICAL 9.8
PYSEC-2026-510
Qiskit allows arbitrary code execution decoding QPY format versions < 13
Details
### Impact
A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload, without any privilege escalation, when a QPY format version < 13 is deserialized. A Python process calling Qiskit's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded at the correct place in the binary file as part of a specially constructed payload.
### Patches
Fixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2
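A pre-load gate for untrusted QPY input, added here as an example and not part of Qiskit or this advisory: it parses only the fixed FILE_HEADER prefix (assumed layout `!6sBBBBQ` with preface `QISKIT`, as documented for the QPY format) and refuses files whose QPY format version is below 13, so a reader that has not yet been upgraded never hands such a payload to `qiskit.qpy.load()`. `make_header` builds constructed sample bytes for the demonstration and carries no circuit payload.

```python
import struct
from typing import NamedTuple

# Assumed QPY FILE_HEADER prefix (as documented for qiskit.qpy): '!6sBBBBQ' =
# preface b"QISKIT", qpy_version, Qiskit major/minor/patch that wrote the file,
# number of programs. Newer format versions append fields after this prefix,
# so reading only these 18 bytes works for every format version.
FILE_HEADER_PACK = "!6sBBBBQ"
FILE_HEADER_SIZE = struct.calcsize(FILE_HEADER_PACK)  # 18
QPY_PREFACE = b"QISKIT"
MIN_SAFE_QPY_VERSION = 13  # per the advisory: formats < 13 can carry executable payloads


class QpyHeader(NamedTuple):
    qpy_version: int
    qiskit_version: tuple  # (major, minor, patch) of the writer
    num_programs: int


def read_qpy_header(data: bytes) -> QpyHeader:
    """Parse only the fixed header prefix; the circuit payload is never decoded."""
    if len(data) < FILE_HEADER_SIZE:
        raise ValueError("too short to be a QPY file")
    preface, qpy_ver, major, minor, patch, num = struct.unpack(
        FILE_HEADER_PACK, data[:FILE_HEADER_SIZE]
    )
    if preface != QPY_PREFACE:
        raise ValueError(f"not a QPY file (preface {preface!r})")
    return QpyHeader(qpy_ver, (major, minor, patch), num)


def is_safe_to_load(data: bytes) -> bool:
    """Gate for untrusted bytes: False for malformed input or a format version < 13."""
    try:
        return read_qpy_header(data).qpy_version >= MIN_SAFE_QPY_VERSION
    except ValueError:
        return False


def make_header(qpy_version: int, qiskit_version=(1, 4, 1), num_programs=1) -> bytes:
    """Constructed sample header bytes for the demo; carries no circuit payload."""
    return struct.pack(FILE_HEADER_PACK, QPY_PREFACE, qpy_version, *qiskit_version, num_programs)


if __name__ == "__main__":
    for version in (12, 13):
        verdict = "safe to hand to qpy.load()" if is_safe_to_load(make_header(version)) else "refused"
        print(f"QPY format version {version}: {verdict}")
```

Run the gate on the raw bytes before calling `qiskit.qpy.load()`; it complements the upgrade rather than replacing it, since a patched Qiskit is what makes decoding older formats safe.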
Affected packages
PyPI / qiskit
Introduced in: 2.0.0rc1
Fixed in: 2.0.0rc2
Fix: pip install --upgrade 'qiskit>=2.0.0rc2'
References
- https://github.com/Qiskit/qiskit/security/advisories/GHSA-6m2c-76ff-6vrf [WEB]
- https://nvd.nist.gov/vuln/detail/CVE-2025-2000 [ADVISORY]
- https://github.com/Qiskit/qiskit [PACKAGE]
- https://www.ibm.com/support/pages/node/7185949 [WEB]
- https://pypi.org/project/qiskit [PACKAGE]
- https://github.com/advisories/GHSA-6m2c-76ff-6vrf [ADVISORY]