Listen to this Post
The vulnerability arises from the unsafe use of Python’s `eval()` function within the `torchgeo.models.get_weight()` API and related trainer modules in TorchGeo versions 0.4 through 0.6.0. When an external system exposes this API endpoint, an unauthenticated attacker can supply a maliciously crafted model weight identifier as a string. The `eval()` function then executes this string as arbitrary Python code during the weight loading process. This occurs without any sanitization or validation of the input, allowing the attacker to break out of the intended string context and execute system commands. The payload is executed with the privileges of the running application, leading to full remote code execution (RCE). The flaw is triggered specifically when the application attempts to resolve a model weight name using the `get_weight` function, which passes the user-controlled string directly into eval. This bypasses any intended restrictions on model selection and grants the attacker a direct code execution primitive. The issue is exacerbated in configurations where the API is exposed over a network, such as in model serving endpoints or training pipelines. The attack vector is remote and requires no authentication, making it critical for any deployment that exposes these functions.
dailycve form:
Platform: TorchGeo
Version: 0.4–0.6.0
Vulnerability: Remote Code Execution
Severity: Critical
date: 2026-04-01
Prediction: Patch already released
What Undercode Say:
Check for vulnerable eval usage in installed package
grep -r "eval(" $(python -c "import torchgeo, os; print(os.path.dirname(torchgeo.<strong>file</strong>))") 2>/dev/null
Example of unsafe pattern found in vulnerable versions def get_weight(name): return eval(name) Arbitrary code execution
Exploit:
Malicious payload through API
payload = "<strong>import</strong>('os').system('id')"
Request to get_weight endpoint with payload
Protection:
Upgrade to patched version pip install torchgeo>=0.6.1
Input validation workaround
import re
if not re.match(r'^[a-zA-Z0-9_]+$', user_input):
raise ValueError("Invalid weight name")
Impact:
Full system compromise, data exfiltration, lateral movement, denial of service.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

