CVE-2026-15529
Received Received - Intake

Deserialization Vulnerability in PyOD Library

Vulnerability report for CVE-2026-15529, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
yzhao062 pyod From 3.5.0 (inc) to 3.5.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in PyOD affects the function pyod.utils.persistence.load, which deserializes data using joblib.load() without performing validation checks beforehand.

Because joblib/pickle deserialization can execute arbitrary Python code during loading, a crafted malicious artifact could execute harmful code before any security checks are applied.

This flaw allows an attacker to manipulate the argument path to trigger unsafe deserialization remotely.

Impact Analysis

This vulnerability can lead to arbitrary code execution in the environment where PyOD is used.

Potential impacts include credential theft, data exfiltration, or other malicious activities depending on the deployment context.

The risk is especially high for machine learning platforms or systems that load untrusted model artifacts, such as user-uploaded or third-party models.

In trusted environments where only verified artifacts are loaded, the impact is lower.

Detection Guidance

This vulnerability involves unsafe deserialization in the pyod.utils.persistence.load() function when loading untrusted model artifacts. Detection involves identifying usage of this function with untrusted inputs or artifacts.

To detect potential exploitation attempts on your system or network, you can monitor for suspicious file loads or deserialization calls related to pyod's persistence.load function, especially those involving untrusted or user-uploaded model files.

Since the vulnerability is triggered by deserialization of malicious artifacts, you can audit your codebase or runtime environment for calls to pyod.utils.persistence.load without the trusted=True parameter.

Suggested commands or approaches include:

  • Use grep or similar tools to find usage of pyod.utils.persistence.load in your code: `grep -r "persistence.load" /path/to/your/code`
  • Check logs or monitoring tools for unexpected file loads or deserialization events involving pyod or joblib.
  • If you have network monitoring, look for suspicious uploads or downloads of model artifact files that could be malicious.
  • In Python, you can add logging around calls to persistence.load to detect when untrusted artifacts are loaded without the trusted flag.
Mitigation Strategies

To mitigate this vulnerability, you should ensure that the pyod.utils.persistence.load function is only used to load artifacts from trusted sources.

The fix requires callers to explicitly set the parameter trusted=True when loading trusted artifacts. By default, loading untrusted artifacts is rejected to prevent arbitrary code execution.

Immediate mitigation steps include:

  • Update your pyod library to the fixed version that includes the trusted parameter enforcement.
  • Review your code to ensure that persistence.load is called with trusted=True only for verified, safe artifacts.
  • Avoid loading model artifacts from untrusted or user-uploaded sources.
  • Implement strict validation and verification of any model artifacts before loading.
  • Consider adding monitoring or alerting for any attempts to load artifacts without the trusted flag.
Compliance Impact

The vulnerability in pyod.utils.persistence.load allows arbitrary code execution during deserialization of untrusted artifacts. This can lead to credential theft, data exfiltration, or other malicious activities depending on the deployment environment.

Such risks can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

If exploited, this vulnerability could result in unauthorized data access or leakage, thereby violating data protection requirements and potentially leading to non-compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15529. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart