CVE-2026-10043

Name of the Vulnerable Software and Affected Versions MosaicML Composer (affected versions not specified)

Description An issue exists in the parsing of checkpoints due to improper validation of user-supplied data, leading to the deserialization of untrusted data. This allows remote attackers to execute arbitrary code in the context of the current process. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.