Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-3071
CVE-2026-3071
Deserialization of untrusted data in the LanguageModel class of Flair from versions 0.4.1 to latest are vulnerable to arbitrary code execution when loading a malicious model.
Published Feb 27, 2026
https://www.hiddenlayer.com/sai-security-advisory/2026-02-flair
CVSS Score
High
7.1
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
pypi
flair
0.10
pypi
flair
0.11.1
pypi
flair
0.11.2
pypi
flair
0.11.3
pypi
flair
0.11
pypi
flair
0.12.1
pypi
flair
0.12.2
pypi
flair
0.12
pypi
flair
0.13.0
pypi
flair
0.13.1
pypi
flair
0.14.0
pypi
flair
0.15.0
pypi
flair
0.15.1
pypi
flair
0.4.1
pypi
flair
0.4.2
pypi
flair
0.4.3
pypi
flair
0.4.4
pypi
flair
0.4.5
pypi
flair
0.5.1
pypi
flair
0.5
pypi
flair
0.6.0.post1
pypi
flair
0.6.1.post1
pypi
flair
0.6.1
pypi
flair
0.6
pypi
flair
0.7
pypi
flair
0.8.0.post1
pypi
flair
0.8
pypi
flair
0.9
1-28 of 28
CVE-2026-3071 | Components Impacted | Sonatype Guide | Sonatype Guide
