A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes.
History

Mon, 13 Jul 2026 04:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in yzhao062 pyod 3.5.0/3.5.1/3.5.2. Affected is the function pyod.utils.persistence.load of the file pyod/utils/persistence.py. Performing a manipulation of the argument path results in deserialization. The attack can be initiated remotely. The pull request to fix this issue requires some minor changes.
Title yzhao062 pyod persistence.py pyod.utils.persistence.load deserialization
First Time appeared Yzhao062
Yzhao062 pyod
Weaknesses CWE-20
CWE-502
CPEs cpe:2.3:a:yzhao062:pyod:*:*:*:*:*:*:*:*
Vendors & Products Yzhao062
Yzhao062 pyod
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-07-13T03:45:08.697Z

Updated: 2026-07-13T03:45:08.697Z

Reserved: 2026-07-12T15:47:24.318Z

Link: CVE-2026-15529

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.