Browse all 4 CVE security advisories affecting Project-MONAI. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Project-MONAI is an open-source framework for medical imaging deep learning, enabling researchers to develop and deploy AI models for healthcare applications. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, primarily due to insecure input handling and improper access controls. The framework's complex architecture and integration with multiple third-party libraries contribute to its attack surface. While no major public security incidents have been documented, the presence of four CVEs indicates ongoing security challenges that require careful implementation and regular patching in production environments handling sensitive medical data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21851 | MONAI has Path Traversal (Zip Slip) in NGC Private Bundle Download — MONAICWE-22 | 5.3 | Medium | 2026-01-07 |
| CVE-2025-58757 | MONAI's unsafe use of Pickle deserialization may lead to RCE — MONAICWE-502 | 8.8 | High | 2025-09-08 |
| CVE-2025-58756 | MONAI's unsafe torch usage may lead to arbitrary code execution — MONAICWE-502 | 8.8 | High | 2025-09-08 |
| CVE-2025-58755 | MONAI has path traversal issue that may lead to arbitrary file writes — MONAICWE-22 | 8.8 | High | 2025-09-08 |
This page lists every published CVE security advisory associated with Project-MONAI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.