CVE-2026-31235
Possible ATT&CK Techniques 1AI
T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-31235
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The imgaug library thru 0.4.0 contains an insecure deserialization vulnerability in its BackgroundAugmenter class within the multicore.py module. The class uses Python's pickle module to deserialize data received via a multiprocessing queue in the _augment_images_worker() method without any safety checks. An attacker who can influence the data placed into this queue (e.g., through social engineering, malicious input scripts, or a compromised shared queue) can provide a malicious pickle payload. When deserialized, this payload can execute arbitrary code in the context of the worker process, leading to remote or local code execution depending on the deployment scenario.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
imgaug 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
imgaug是Alexander Jung个人开发者的一个图像增强工具库,用于机器学习数据扩充。 imgaug 0.4.0及之前版本存在安全漏洞,该漏洞源于BackgroundAugmenter类在multicore.py模块中使用Python的pickle模块反序列化数据时未进行安全检查,可能导致攻击者通过恶意pickle有效载荷执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2026-31235
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-31235
请登录查看更多情报信息。
Security Blog Posts for CVE-2026-31235 (1)
Same Patch Batch · n/a · 2026-05-12 · 60 CVEs total
| CVE-2026-20754 | Intel NPU Drivers 代码问题漏洞 | |
| CVE-2026-20714 | Intel QAT software drivers for Windows 缓冲区错误漏洞 | |
| CVE-2025-35991 | Intel Xeon Scalable Processors 安全漏洞 | |
| CVE-2025-35990 | Intel Endpoint Management Assistant 输入验证错误漏洞 | |
| CVE-2025-35979 | Intel Processors 安全漏洞 | |
| CVE-2025-36510 | Intel Display Virtualization for Windows OS driver 缓冲区错误漏洞 | |
| CVE-2026-20793 | Intel QAT software drivers for Windows 安全漏洞 | |
| CVE-2026-20782 | Intel QAT software drivers for Windows 安全漏洞 | |
| CVE-2026-20772 | Intel Connectivity Performance Suite 代码问题漏洞 | |
| CVE-2026-20771 | Intel QAT software drivers for Windows 代码问题漏洞 | |
| CVE-2026-20794 | Intel Data Center Graphics Driver 安全漏洞 | |
| CVE-2026-20753 | Intel Slim Bootloader 输入验证错误漏洞 | |
| CVE-2026-20751 | Intel Data Center Graphics Driver 缓冲区错误漏洞 | |
| CVE-2026-20738 | Intel QuickAssist Adapter 8960 安全漏洞 | |
| CVE-2026-20718 | Intel NPU Driver for Linux和Intel NPU Driver for Windows 安全漏洞 | |
| CVE-2026-20717 | Intel QAT software drivers for Windows 输入验证错误漏洞 | |
| CVE-2025-65719 | kubectl-mcp-server 安全漏洞 | |
| CVE-2025-70842 | FluentCMS 跨站脚本漏洞 | |
| CVE-2026-31222 | Snorkel 安全漏洞 | |
| CVE-2026-31239 | Mamba 安全漏洞 |
Showing top 20 of 60 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2026-31235
No comments yet