CVE-2026-14723
Received - Intake

Deserialization Vulnerability in AD_Miner Cache Handler

Publication date: 2026-07-05

Last updated on: 2026-07-05

Assigner: VulDB

Description

A vulnerability was determined in AD-Security AD_Miner 1.9.0. Affected is the function request_a of the file ad_miner/scripts/analyse_cache.py of the component Cache Handler. This manipulation of the argument sys.argv[1] causes deserialization. The attack can only be executed locally. The pull request to fix this issue awaits acceptance.

Meta Information

Published: 2026-07-05
Last Modified: 2026-07-05
Generated: 2026-07-05
AI Q&A: 2026-07-05
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
| Vendor | Product | Version / Range |
|---|---|---|
| ad-security | ad_miner | 1.9.0 |

Exploitability

CWE
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |

Executive Summary

This vulnerability exists in AD-Security AD_Miner 1.9.0, specifically in the function request_a within the file ad_miner/scripts/analyse_cache.py. It involves unsafe deserialization of data using Python's pickle module. The function takes a cache file argument from the command line (sys.argv[1]) and deserializes the file without proper validation. Because pickle can execute arbitrary code during deserialization, a crafted cache file could allow an attacker to run malicious Python code under the user account running AD Miner.

The attack can only be executed locally, meaning an attacker must have local access to the system to exploit this vulnerability. The issue arises when users load or inspect cache files from untrusted sources, such as other users, customers, or shared folders, which could be manipulated to include malicious payloads.

Impact Analysis

This vulnerability can lead to arbitrary code execution on the local system under the privileges of the user running AD Miner. If an attacker can trick a user into loading a maliciously crafted cache file, they could execute harmful Python code, potentially compromising the system or stealing sensitive information.

Since the vulnerability requires local access and user interaction (loading or inspecting a malicious cache file), it poses a risk mainly in environments where cache files are shared or exchanged between users or teams. This could enable social engineering or cache poisoning attacks.

Detection Guidance

The vulnerability involves unsafe deserialization of local cache files by the AD Miner tool, specifically in the request_a function of analyse_cache.py. Detection involves identifying if AD Miner is being used and if untrusted or suspicious cache files are being loaded.

Since the attack is local and involves pickle deserialization, detection can focus on monitoring the usage of AD Miner scripts that load cache files, especially the invocation of analyse_cache.py with arguments pointing to cache files.

Suggested commands to detect potential exploitation or presence of malicious cache files include:

  • Check running processes or recent command history for usage of analyse_cache.py or other AD Miner scripts loading cache files: `ps aux | grep analyse_cache.py` or `history | grep analyse_cache.py`
  • Inspect cache files passed as arguments for suspicious or unexpected files, especially those from untrusted sources.
  • Use file integrity monitoring or hash checks on cache files to detect unexpected changes.
  • If possible, run a controlled test by attempting to load cache files with pickle only in an isolated, disposable environment to detect malicious payloads, because loading a crafted file executes the code it carries.
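
One way to inspect a suspect cache file without loading it, as an added example that is not part of AD Miner or of the original report: `pickletools.genops` decodes the opcode stream only, so the imports a pickle requests can be listed with nothing being imported or called. The function names, the empty default allow-list and both sample blobs are assumptions constructed for this illustration.

```python
import collections
import pickle
import pickletools

STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
NO_STACK_EFFECT = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT", "FRAME"}


def referenced_globals(data: bytes) -> list:
    """List the (module, name) pairs a pickle stream asks to import.

    Only opcodes are decoded here; nothing is imported or executed.
    """
    found, window = [], []  # window: args of the last two stack pushes
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            # Text form: the argument is "module name" in one string.
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings pushed just before.
            if len(window) == 2 and all(isinstance(w, str) for w in window):
                found.append((window[0], window[1]))
            else:  # names came from the memo or were built indirectly
                found.append(("<unresolved>", "<unresolved>"))
        if op.name not in NO_STACK_EFFECT:
            window = (window + [arg if op.name in STRING_OPS else None])[-2:]
    return found


def unexpected_globals(data: bytes, allowed=frozenset()) -> list:
    """Imports outside the allow-list; an empty list means data-only opcodes."""
    return [g for g in referenced_globals(data) if g not in allowed]


# Constructed samples: a data-only cache and one that references a class.
SAMPLE_PLAIN = pickle.dumps({"users": ["alice", "bob"], "count": 2})
SAMPLE_WITH_CLASS = pickle.dumps(collections.OrderedDict(a=1))

if __name__ == "__main__":
    for label, blob in (("plain", SAMPLE_PLAIN), ("class", SAMPLE_WITH_CLASS)):
        print(label, unexpected_globals(blob))
```

Any entry the scan returns for a file that should hold plain data, including an `<unresolved>` one, is a reason to quarantine the file rather than open it with AD Miner.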

Mitigation Strategies

Immediate mitigation steps focus on preventing unsafe deserialization of untrusted cache files by AD Miner.

  • Avoid loading cache files from untrusted or unknown sources to reduce risk of malicious pickle payloads.
  • Restrict local access to the system and AD Miner tool to trusted users only, since the attack requires local execution.
  • Monitor and audit usage of AD Miner scripts, especially analyse_cache.py, to detect suspicious activity.
  • Apply the pending security fix from the pull request that introduces a restricted cache unpickler, which only permits safe classes and blocks malicious pickle objects.

Until the fix is accepted and deployed, consider disabling or limiting the use of the vulnerable cache loading functionality.
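
A sketch of the restricted-unpickler approach described in the last mitigation item, as an added example and not the code from the pending pull request: overriding `pickle.Unpickler.find_class` lets the loader refuse every import outside an allow-list. The class name, the allow-list contents and the sample blobs are assumptions made for this illustration; the classes AD Miner's cache actually needs are not stated on this page.

```python
import io
import pickle

# Assumption for this example: the cache holds only built-in containers and
# scalars. Protocol 3 encodes a set as a call to builtins.set, so that import
# is permitted; protocol 4 and later need no import at all for such data.
SAFE_GLOBALS = {("builtins", "set"), ("builtins", "frozenset")}


class RestrictedCacheUnpickler(pickle.Unpickler):
    """Unpickler that refuses every import outside SAFE_GLOBALS."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_cache(data: bytes):
    """Deserialize cache bytes through the restricted unpickler."""
    return RestrictedCacheUnpickler(io.BytesIO(data)).load()


def try_load(data: bytes):
    """Return ("ok", value) or ("blocked", reason) instead of raising."""
    try:
        return ("ok", load_cache(data))
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc))


# Constructed samples: plain cache data, and a stream that references a
# callable by name (a harmless stand-in for a crafted cache file).
PLAIN_CACHE = pickle.dumps({"users": ["alice", "bob"], "admins": {"alice"}})
CALLABLE_REF = pickle.dumps(print)

if __name__ == "__main__":
    print(try_load(PLAIN_CACHE))
    print(try_load(CALLABLE_REF))
```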

Compliance Impact

The provided information does not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
