CRITICAL 9.8

GHSA-xp5q-5q7g-q26r

Ludwig framework is vulnerable to insecure deserialization in its model serving component

Details

The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework loads model weight files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a maliciously crafted PyTorch model file, leading to arbitrary code execution on the system hosting the Ludwig model server.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / ludwig

Introduced in: 0

No fixed version published yet for ludwig (pip). Pin to a known-safe version or switch to an alternative.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-31238 [ADVISORY]
https://github.com/ludwig-ai/ludwig [PACKAGE]
https://www.notion.so/CVE-2026-31238-35d1e1393188819ea77ee98ca85a2878 [WEB]