PT-2026-40125 · Ludwig · Ludwig

Published: 2026-05-12 · Updated: 2026-05-12 · CVE-2026-31238

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ludwig framework versions prior to 0.10.5
Description: The model serving component is subject to insecure deserialization. When a model server is started with the ludwig serve command, the framework loads model weight files with torch.load() without the weights_only=True parameter. In that mode torch.load() relies on the pickle module, which reconstructs arbitrary Python objects from a byte stream, so an attacker who can supply a maliciously crafted PyTorch model file can achieve arbitrary code execution on the host system.
Recommendations: Update to version 0.10.5 or later.
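The mechanism behind the fix is a restricted unpickler: torch.load(weights_only=True) refuses any pickle global that is not on an allowlist of tensor and container types, so a crafted file cannot resolve arbitrary callables. The following is an added illustration written for this advisory, not Ludwig or PyTorch code; it uses only the standard library so it runs without torch, and its allowlist (SAFE_GLOBALS), the two loaders and the sample pickles are constructed assumptions that mirror the idea of weights_only, not PyTorch's actual list.

```python
import io
import pickle
import collections

# Assumed allowlist of globals a weight file legitimately needs.
# Real PyTorch keeps its own list; this one only demonstrates the principle.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allowlisted (module, name) globals."""

    def find_class(self, module, name):
        # Every GLOBAL/STACK_GLOBAL opcode in the stream passes through here.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")


def load_unsafe(data: bytes):
    """What torch.load() without weights_only=True amounts to: unrestricted pickle."""
    return pickle.loads(data)


def load_untrusted(data: bytes):
    """Hardened loader: any global outside the allowlist aborts deserialization."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """Report whether the hardened loader accepts a serialized blob."""
    try:
        load_untrusted(data)
        return "accepted"
    except pickle.UnpicklingError:
        return "rejected"


# Constructed sample inputs: a state_dict-like weight file and a blob that
# references a callable (builtins.eval) instead of weights.
WEIGHTS = pickle.dumps(collections.OrderedDict([("layer.weight", [0.1, 0.2])]))
NOT_WEIGHTS = pickle.dumps(eval)


if __name__ == "__main__":
    print("weights:", classify(WEIGHTS))          # accepted
    print("callable reference:", classify(NOT_WEIGHTS))  # rejected
    # The unrestricted loader happily resolves the callable reference.
    print("unsafe loader returned:", load_unsafe(NOT_WEIGHTS))
```

For detection, the same find_class hook can be run over model files in a scanner without executing them; any global outside the expected set is a signal that the file is not a plain weight file.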

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2026-31238
GHSA-XP5Q-5Q7G-Q26R

Affected Products

Ludwig