CVE-2026-10043
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
A vulnerability in MosaicML Composer allows remote code execution through the deserialization of untrusted data. User interaction is required to exploit this vulnerability, meaning the victim must visit a malicious page or open a malicious file.
Risk Assessment
An attacker can leverage this vulnerability to execute code in the context of the current process, potentially leading to serious security breaches in the system.
Recommendation
It is recommended to update MosaicML Composer to the latest version and implement security measures against opening untrusted files and visiting suspicious websites.
Original NVD description (English source)
MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27990.

