What is GHSA-q2mf-qjjq-ghcc?

GHSA-q2mf-qjjq-ghcc is a security advisory published by GitHub Security Advisories with High severity. The _load_model() function in the neural_magic_training.py script of the optimate project in...

Which CVE IDs does GHSA-q2mf-qjjq-ghcc cover?

GHSA-q2mf-qjjq-ghcc covers the following CVE IDs: CVE-2026-31218. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-q2mf-qjjq-ghcc?

GHSA-q2mf-qjjq-ghcc has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-q2mf-qjjq-ghccHighCVSS 8.8

The _load_model() function in the neural_magic_training.py script of the optimate project in...

Vendor

GitHub Security Advisories

Published

May 12, 2026

Last Modified

May 15, 2026

🔗 CVE IDs covered (1)

CVE-2026-31218 →

📋 Description

The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) is vulnerable to insecure deserialization (CWE-502). When loading a model state dictionary from a state_dict.pt file via torch.load(), the function does not enable the weights_only=True security parameter. This allows the deserialization of arbitrary Python objects through the Pickle module. A remote attacker can exploit this by providing a maliciously crafted state_dict.pt file within a directory specified via the --model argument, leading to arbitrary code execution during the deserialization process on the victim's system.

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2026-31218
https://github.com/nebuly-ai/optimate
https://www.notion.so/CVE-2026-31218-35d1e139318881839bc8cf6007be2c76
https://github.com/advisories/GHSA-q2mf-qjjq-ghcc