MindsDB Pickle Deserialization Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in MindsDB versions prior to 26.01. The issue arises in the Pickle Handler component, where pickle.loads is applied to untrusted data (unsafe deserialization). This vulnerability can be exploited by uploading malicious model code that injects objects with harmful __reduce__ methods, leading to arbitrary code execution during the model prediction phase.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server where MindsDB is running.

Reproduction

The vulnerability can be reproduced by uploading a malicious BYOM handler that includes a class with a __reduce__ method designed to execute arbitrary commands. After uploading the handler, a model can be created that triggers the execution of the malicious code during the prediction phase by deserializing the model state that contains the injected payload.
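As an added defensive example (not MindsDB's code), the following shows two checks a handler that loads serialized model state can apply before trusting a pickle: a static scan of the opcode stream for every global reference the pickle would import, and a restricted unpickler whose find_class only resolves an allowlist. The allowlist, the sample model state and the suspicious pickle (a harmless reference to os.getcwd, used only to exercise the same GLOBAL lookup a __reduce__ payload depends on) are all constructed for this example.

```python
import io
import os
import pickle
import pickletools

# Assumed allowlist for this example: a model state is built only from plain containers
# and scalars. Pickles of such objects never call find_class at all, so the list is tiny.
ALLOWED_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "int"), ("builtins", "float"),
    ("builtins", "str"), ("builtins", "bytes"), ("builtins", "bool"),
}


def referenced_globals(data: bytes) -> list:
    """Static scan: list every (module, name) the pickle would import, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                 # protocols 0-3: one "module name" argument
            found.append(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":         # protocol 4+: module and name pushed as strings
            found.append((strings[-2], strings[-1]))
        if isinstance(arg, str):
            strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses any global outside ALLOWED_GLOBALS, so __reduce__ cannot reach code."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def load_model_state(data: bytes):
    """Return (True, state) for an accepted pickle, or (False, reason) for a rejected one."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


# Constructed sample: a benign model state made of containers and scalars only.
BENIGN = pickle.dumps({"weights": [0.5, -1.25], "bias": 0.1, "labels": ("yes", "no")})
# Constructed sample: a pickle that resolves a callable by name at load time (harmless here).
SUSPICIOUS = pickle.dumps(os.getcwd)
```

The static scan is useful as a detection step on uploaded artifacts, while the restricted unpickler is the mitigation for the load path itself.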

Added: May 4, 2026, 12:18 AM
Updated: May 4, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 7.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.