CVE-2026-38950EPSS p4.0%

CVE-2026-38950CVE-2026-38950

Description

An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization.

Scoring

CVSS 7.8 ()
VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.14% probability of exploitation · percentile 4.0% · 2026-06-18T12:00:27Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-31214
CVE
CVE-2025-54951
CVE
CVE-2025-49655
CVE
CVE-2025-1945
CVE
CVE-2025-54950
CVE
CVE-2025-54949
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.