HIGH
CVE-2026-1337 — RCE in Widely-Used Python ORM
A deserialization bug in a popular Python ORM allows remote code execution via crafted query parameters when the legacy pickle backend is enabled. Exploit is trivial; patch is out. If you’re on the affected versions and haven’t migrated off pickle yet, do that today.
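For triage while the migration is in progress, the following added example (not code from the advisory or from the ORM) walks a stored or captured blob with `pickletools.genops`, which parses opcodes without executing them, and reports any opcode that would import a name or call an object during unpickling. The function names are hypothetical and both sample blobs are constructed, benign inputs; this is a detection aid, not a safe way to keep loading pickle data.

```python
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that make the unpickler import a name or invoke a callable.
# Plain containers, strings and numbers never need any of these.
RISKY_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
}


def risky_opcodes(blob: bytes) -> list[str]:
    """List import/call opcodes in blob. The blob is parsed, never loaded."""
    found = []
    try:
        for opcode, _arg, _pos in pickletools.genops(blob):
            if opcode.name in RISKY_OPCODES:
                found.append(opcode.name)
    except Exception:
        # Truncated or non-pickle bytes: report rather than guess.
        found.append("MALFORMED")
    return found


def is_plain_data(blob: bytes) -> bool:
    """True only for a well-formed stream with no import/call opcodes."""
    return not risky_opcodes(blob)


# Constructed samples. Protocol 2 is pinned so the opcode names are stable.
PLAIN = pickle.dumps({"id": 7, "tags": ["a", "b"]}, protocol=2)
# Benign object that still requires an import and a call to rebuild.
WITH_IMPORT = pickle.dumps(OrderedDict(a=1), protocol=2)

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("with import", WITH_IMPORT)):
        print(label, is_plain_data(blob), risky_opcodes(blob))
```

A blob that fails `is_plain_data` is not proof of an attack, since legitimate objects also use these opcodes, but any such blob arriving from an untrusted source should be rejected rather than unpickled.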