Ludwig Framework Insecure Deserialization Vulnerability in Model Serving Component

Vulnerability

An insecure deserialization vulnerability has been identified in the Ludwig framework, affecting versions through 0.10.4. The issue lies in the model serving component, which loads model weight files with torch.load() without passing the restrictive weights_only=True parameter. Without that restriction, torch.load() falls back to the full pickle protocol and will reconstruct arbitrary Python objects named in the file. An attacker who can supply a maliciously crafted PyTorch model file could therefore achieve arbitrary code execution on the system hosting the Ludwig model server.
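The following is an added illustration, not code from Ludwig or PyTorch: a small allowlisting unpickler in plain Python that mirrors the mechanism behind torch.load(..., weights_only=True), placed next to the unrestricted call that the vulnerable code path used. The SAFE_GLOBALS list and the two sample pickles are constructed for this example; lists of floats stand in for tensors.

```python
import collections
import datetime
import io
import pickle

# Constructed allowlist: the only (module, name) globals a weights file may
# reference. torch's weights_only unpickler keeps its own, longer list of
# tensor-rebuilding helpers; this list is an illustration, not torch's code.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup not on the allowlist.

    pickle reaches arbitrary code through its GLOBAL/STACK_GLOBAL opcodes,
    which import a module attribute by name and may then call it. Gating
    that lookup turns a "run anything" format into a "rebuild known types
    only" format, which is the idea behind weights_only=True.
    """

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"weights file references disallowed global {module}.{name}")


def load_weights(data: bytes, *, weights_only: bool = True):
    """Stand-in for torch.load(): weights_only=False trusts the file blindly,
    the way the vulnerable Ludwig code path did."""
    if not weights_only:
        return pickle.loads(data)  # vulnerable pattern: any global allowed
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_plain_weights(data: bytes) -> bool:
    """True if the file deserializes under the allowlist, False otherwise."""
    try:
        load_weights(data, weights_only=True)
    except pickle.UnpicklingError:
        return False
    return True


# Constructed samples. A datetime.date is a harmless object that still needs
# a global import to rebuild, so it shows the allowlist rejecting an
# unexpected type without any malicious payload being involved.
GOOD_WEIGHTS = pickle.dumps(collections.OrderedDict(w=[0.1, 0.2]))
NOT_WEIGHTS = pickle.dumps(datetime.date(2024, 1, 1))
```

With the restriction in place a file that references anything outside the allowlist is rejected before any object is built, which is the behaviour the fixed code path should rely on.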

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the server where Ludwig is running.

Added: May 12, 2026, 6:27 PM
Updated: May 12, 2026, 6:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 4.3
remediation: 0.0
relevance: 8.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.