CVE-2026-0773

Upsonic · Cloudpickle

An unauthenticated remote code execution vulnerability exists in the Upsonic Cloudpickle component due to improper deserialization of untrusted data via the add_tool endpoint.

Executive summary

An unauthenticated remote code execution vulnerability in Upsonic Cloudpickle allows attackers to execute arbitrary code on the host system, presenting a critical risk to infrastructure.

Vulnerability

This is a deserialization of untrusted data vulnerability located in the add_tool endpoint (TCP port 7541). The flaw allows an unauthenticated remote attacker to execute arbitrary code within the context of the service account.

Business impact

With a CVSS score of 9.8, this vulnerability represents a critical risk to organizational security. Successful exploitation grants an attacker full control over the affected service, potentially leading to unauthorized data access, total system compromise, and lateral movement within the network.

Remediation

Immediate Action: Update the Upsonic software to the latest vendor-supplied version that addresses this deserialization flaw.

Proactive Monitoring: Monitor network traffic directed at TCP port 7541 for anomalous payloads or unexpected connection patterns.

Compensating Controls: Implement network-level access control lists (ACLs) to restrict access to the add_tool endpoint to trusted IP addresses only.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the critical CVSS severity and the unauthenticated nature of this remote code execution flaw, immediate patching is required. Organizations should prioritize identifying all exposed Upsonic instances and restricting network access until a formal update is applied.