CVE-2026-31235 in imgaug Libraryinformação

Sumário

de MITRE • 12/05/2026

The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

MITRE

Reservar

09/03/2026

Divulgação

12/05/2026

Moderação

aceite

Entrada

VDB-363245

CPE

pronto

CWE

CWE-502 (confirmado)

CVSS

6.3 (VulDB)

EPSS

0.00088

KEV

não

Atividades

muito baixo

Sector

Pharma, Energy, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31235
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31235
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31235/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!