NVD HIGH: CVE-2026-31222 — The snorkel library thru v0.10.0 contains an insecure deserialization vulnerabil...
The snorkel library thru v0.10.0 contains an insecure deserialization vulnerability (CWE-502) in the Trainer.load() method of the Trainer class. The method loads model checkpoint files using torch.load() without enabling the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exp
CVE-2026-31222