CVE-2026-0773
Upsonic · Cloudpickle
An unauthenticated remote code execution vulnerability exists in the Upsonic Cloudpickle component due to improper deserialization of untrusted data via the add_tool endpoint.
Executive summary
An unauthenticated remote code execution vulnerability in Upsonic Cloudpickle allows attackers to execute arbitrary code on the host system, presenting a critical risk to infrastructure.
Vulnerability
This is a deserialization of untrusted data vulnerability located in the add_tool endpoint (TCP port 7541). The flaw allows an unauthenticated remote attacker to execute arbitrary code within the context of the service account.
Business impact
With a CVSS score of 9.8, this vulnerability represents a critical risk to organizational security. Successful exploitation grants an attacker full control over the affected service, potentially leading to unauthorized data access, total system compromise, and lateral movement within the network.
Remediation
Immediate Action: Update the Upsonic software to the latest vendor-supplied version that addresses this deserialization flaw.
Proactive Monitoring: Monitor network traffic directed at TCP port 7541 for anomalous payloads or unexpected connection patterns.
Compensating Controls: Implement network-level access control lists (ACLs) to restrict access to the add_tool endpoint to trusted IP addresses only.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS severity and the unauthenticated nature of this remote code execution flaw, immediate patching is required. Organizations should prioritize identifying all exposed Upsonic instances and restricting network access until a formal update is applied.