CVE-2026-3071 – Flair LanguageModel Deserialization Remote Code Execution Vulnerability

CVE ID : CVE-2026-3071

Published : Feb. 26, 2026, 3:17 p.m. | 1 hour, 52 minutes ago

Description : Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-28296 – Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths

CVE-2026-28295 – Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses

CVE-2026-26265 – Discourse has IDOR vulnerability in the directory items endpoint

CVE-2026-26228 – VLC for Android < 3.7.0 Remote Access Path Traversal