CVE-2026-31253

High

Published: 11 May 2026

Published

11 May 2026

Modified

12 May 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0002 5.5th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31253 is a high-severity Code Injection (CWE-94) vulnerability in Notion (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, ranked at the 5.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-44 Detonation Chambers

addresses: CWE-502 CWE-94

Untrusted serialized data can be deserialized and observed inside the chamber, blocking gadget-chain exploitation outside the sandbox.

SI-10 Information Input Validation

addresses: CWE-94 CWE-502

Validates inputs used in dynamic code generation to block injected directives.

CA-8 Penetration Testing

addresses: CWE-502

Penetration testing supplies malicious serialized objects, detecting unsafe deserialization and supporting corrective actions.

SA-11 Developer Testing and Evaluation

addresses: CWE-502

Evaluation of untrusted data handling (deserialization testing) reveals unsafe processing, which the required remediation process addresses.

SC-34 Non-modifiable Executable Programs

addresses: CWE-94

Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.

SI-16 Memory Protection

addresses: CWE-94

Directly prevents execution of attacker-supplied code written into data memory regions.

SI-3 Malicious Code Protection

addresses: CWE-502

Identifies and blocks malicious code introduced through deserialization of untrusted data at system boundaries.

SI-7 Software, Firmware, and Information Integrity

addresses: CWE-502

Integrity verification of serialized information can detect tampering before deserialization occurs.

NVD Description

The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure deserialization vulnerability (CWE-502) in its checkpoint loading mechanism. The load_checkpoint() function in checkpoint.py and the checkpoint loading code in eval.py use torch.load() without enabling the security-restrictive weights_only=True parameter. This…

allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by providing a maliciously crafted checkpoint file. When a victim loads this checkpoint during model warmstarting or evaluation, arbitrary code is executed on the victim's system.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-94 CWE-502

Affected Products

Notion

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://github.com/Dao-AILab/flash-attention
cve@mitre.org
https://www.notion.so/CVE-2026-31253-35d1e1393188813f9e77e2038104bc49
cve@mitre.org