Executive Summary

CVE-2026-38950 is an unsafe deserialization vulnerability in the European Space Agency's (ESA) AnomalyMatch AI system, present in versions before 1.3.1.

The vulnerability arises because the software loads model checkpoint files using torch.load() with unrestricted deserialization, allowing maliciously crafted checkpoint files to execute arbitrary code.

This happens due to the use of pickle-based serialization, which can execute arbitrary objects and callables embedded in the checkpoint file.

The issue was fixed in version 1.3.1 by replacing pickle-based serialization with the safer safetensors format and removing legacy loading methods.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in ESA AnomalyMatch allows arbitrary code execution via unsafe deserialization of model checkpoint files. Successful exploitation could lead to data theft, lateral movement, or manipulation of scientific results depending on the deployment environment.

Such risks could impact compliance with data protection regulations like GDPR or HIPAA if sensitive or personal data is exposed or manipulated due to this vulnerability.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Useful 0 Not Useful 0

Impact Analysis

Successful exploitation of this vulnerability can lead to arbitrary code execution on the system running ESA AnomalyMatch.

This can result in data theft, lateral movement within the network, or manipulation of scientific results depending on the deployment environment.

The risk is especially significant when loading checkpoint files from untrusted sources, which is common in machine learning workflows.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying if your system is running ESA AnomalyMatch versions prior to 1.3.1 that load model checkpoint files using unsafe deserialization methods (torch.load with weights_only=False).

You can check the installed version of AnomalyMatch to determine if it is vulnerable.

• Run a command to check the version of ESA AnomalyMatch, for example: `anomalymatch --version` or check the version in your environment or package manager.
• Search for usage of torch.load in your codebase or environment to see if it is called with unsafe parameters, e.g., `grep -r "torch.load" /path/to/anomalymatch`.
• Monitor for suspicious loading of model checkpoint files from untrusted sources, as this is the attack vector.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade ESA AnomalyMatch to version 1.3.1 or later, where the vulnerability has been fixed by replacing unsafe pickle-based deserialization with the safer safetensors format.

Avoid loading model checkpoint files from untrusted or unknown sources to prevent exploitation.

If upgrading immediately is not possible, review and modify your code to avoid using torch.load with weights_only=False on untrusted files.

Useful 0 Not Useful 0