CVE Catalog

CVE-2026-10043

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

A vulnerability in MosaicML Composer allows remote code execution through the deserialization of untrusted data. User interaction is required to exploit this vulnerability, meaning the victim must visit a malicious page or open a malicious file.

Risk Assessment

An attacker can leverage this vulnerability to execute code in the context of the current process, potentially leading to serious security breaches in the system.

Recommendation

It is recommended to update MosaicML Composer to the latest version and implement security measures against opening untrusted files and visiting suspicious websites.

Original NVD description (English source)

MosaicML Composer Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MosaicML Composer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of checkpoints. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27990.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS