CVE-2026-2970
Received Received - Intake
Deserialization Vulnerability in datapizza-ai RedisCache Component

Publication date: 2026-02-23

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-23
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-02-23
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2970
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
datapizza datapizza_ai 0.0.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-2970 is an unsafe deserialization vulnerability in the datapizza-ai software, specifically in its RedisCache implementation. The vulnerability occurs because the application uses Python's pickle.loads() function to deserialize data retrieved from Redis without proper validation. This allows an attacker who can write malicious pickled data into the Redis cache to execute arbitrary system commands on the server hosting the application."}, {'type': 'paragraph', 'content': 'The vulnerable code is in the RedisCache class, where the get method deserializes cached data using pickle.loads(). Since pickle can execute arbitrary code during deserialization, malicious payloads can trigger remote code execution.'}, {'type': 'paragraph', 'content': 'Exploitation requires the attacker to be on the local network and able to write data into Redis. Although the attack complexity is high and exploitation is difficult, a proof-of-concept exploit has been publicly disclosed.'}] [1, 3]

Impact Analysis

This vulnerability can have severe impacts including allowing attackers to execute arbitrary system commands on the server hosting the datapizza-ai application.

  • Full server compromise through remote code execution.
  • Injection of fake cached data that can manipulate application or model behavior.
  • Establishment of persistent access such as reverse shells.

Because the vulnerability affects all features using the RedisCache module, any part of the application relying on this cache is at risk.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of malicious pickled objects in the Redis cache used by datapizza-ai. A practical detection method involves verifying if arbitrary code execution occurs upon deserialization of cached data.'}, {'type': 'paragraph', 'content': 'A suggested command sequence to test for exploitation involves injecting a malicious pickle payload into Redis and then triggering the vulnerable deserialization to observe if a side effect occurs (e.g., creation of a file).'}, {'type': 'list_item', 'content': 'Start a Redis server (e.g., using Docker).'}, {'type': 'list_item', 'content': 'Inject a malicious pickle payload into Redis under a test key, for example: `set poc "<malicious_pickle_payload>"`.'}, {'type': 'list_item', 'content': 'Trigger the vulnerable `RedisCache.get("poc")` method in the datapizza-ai application.'}, {'type': 'list_item', 'content': 'Check for side effects such as the creation of a file named `cachepwned` on the server, which indicates successful deserialization and code execution.'}, {'type': 'paragraph', 'content': 'Note: The malicious pickle payload used in the proof of concept executes `os.system("touch cachepwned")` upon deserialization.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the Redis cache to trusted users only, as exploitation requires local network access and the ability to write to the Redis cache.

Since no patches or vendor responses are currently available, consider the following actions:

  • Limit network access to the Redis server to prevent unauthorized write operations.
  • Monitor Redis keys for suspicious or unexpected data, especially pickled objects.
  • Avoid using unsafe deserialization methods like `pickle.loads()` on untrusted data.
  • Consider replacing or updating the affected component or software to a version that does not use unsafe deserialization.

Overall, minimizing exposure of the Redis cache and avoiding deserialization of untrusted data are critical immediate steps.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2970. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart