CRITICAL 9.8

PYSEC-2026-510

Qiskit allows arbitrary code execution decoding QPY format versions < 13

Details

### Impact

A maliciously crafted QPY file can execute arbitrary code embedded in the payload, without any privilege escalation, when deserializing QPY format versions < 13. A Python process that calls Qiskit's `qiskit.qpy.load()` on such a file may execute any Python code placed at the right position in the binary payload.
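An added defensive check, not code from this advisory or from Qiskit itself: a header-level gate that refuses to hand a QPY payload to `qiskit.qpy.load()` unless its declared format version is at least 13. It assumes the QPY file header layout from the QPY format specification (preface `QISKIT`, one-byte format version, three Qiskit version bytes, uint64 program count, big-endian); the helper names and the sample headers are this example's own.

```python
import struct

# Assumed QPY file header layout (per the QPY format specification):
# 6-byte preface b"QISKIT", uint8 QPY format version, uint8 Qiskit
# major/minor/patch, uint64 number of programs; network byte order.
_QPY_FILE_HEADER = struct.Struct("!6sBBBBQ")
_QPY_PREFACE = b"QISKIT"

# Per the advisory, format versions below 13 may carry executable Python.
SAFE_MIN_QPY_VERSION = 13


def qpy_format_version(data: bytes) -> int:
    """Return the QPY format version declared in a QPY byte string.

    Raises ValueError if the data is too short or lacks the QISKIT preface.
    """
    if len(data) < _QPY_FILE_HEADER.size:
        raise ValueError("data too short to hold a QPY file header")
    preface, qpy_version, *_rest = _QPY_FILE_HEADER.unpack_from(data)
    if preface != _QPY_PREFACE:
        raise ValueError("not a QPY file: bad preface %r" % (preface,))
    return qpy_version


def is_loadable_qpy(data: bytes, min_version: int = SAFE_MIN_QPY_VERSION) -> bool:
    """Gate for untrusted input: True only if the header declares a format
    version at or above min_version. Never raises; non-QPY data is rejected."""
    try:
        return qpy_format_version(data) >= min_version
    except ValueError:
        return False


def make_header(qpy_version: int, num_programs: int = 1) -> bytes:
    """Constructed sample header (not a real circuit payload) for local tests."""
    return _QPY_FILE_HEADER.pack(_QPY_PREFACE, qpy_version, 1, 4, 2, num_programs)


if __name__ == "__main__":
    # Typical use: read the untrusted bytes, gate them, and only then call
    # qiskit.qpy.load() on an io.BytesIO of the same bytes.
    for version in (12, 13):
        print("format", version, "loadable:", is_loadable_qpy(make_header(version)))
```

The gate is a pre-filter only; upgrading to a fixed Qiskit release remains the actual remediation.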

### Patches

Fixed in Qiskit 1.4.2 and in Qiskit 2.0.0rc2


Affected packages

PyPI / qiskit
Introduced in: 2.0.0rc1
Fixed in: 2.0.0rc2
Fix: pip install --upgrade 'qiskit>=2.0.0rc2'
