CVE-2026-31222

Name of the Vulnerable Software and Affected Versions snorkel versions prior to 0.10.1

Description Insecure deserialization occurs in the Trainer.load() method of the Trainer class. The method utilizes torch.load() to load model checkpoint files without enabling the weights only=True parameter. This allows the deserialization of arbitrary Python objects via the Pickle module (a Python module used for serializing and deserializing objects), which can enable a remote attacker to execute arbitrary code on the system by providing a maliciously crafted model file.

Recommendations Update to a version later than 0.10.0. As a temporary workaround, restrict the loading of model files from untrusted sources when using the Trainer.load() method.