AML.T0074

Masquerading

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.

71 CVEs mapped View on MITRE ATLAS →

Severity	CVE	Headline	Package	CVSS
CRITICAL	GHSA-vvpj-8cmc-gx39	picklescan: security flaw enables exploitation	picklescan	10.0
CRITICAL	CVE-2026-30821	flowise: Arbitrary File Upload enables RCE	flowise	9.8
CRITICAL	GHSA-7wx9-6375-f5wh	picklescan: Allowlist Bypass evades input filtering	picklescan	9.8
CRITICAL	GHSA-g38g-8gr9-h9xp	picklescan: Allowlist Bypass evades input filtering	picklescan	9.8
CRITICAL	CVE-2025-1945	picklescan: ZIP flag bypass enables RCE in PyTorch models	picklescan	9.8
CRITICAL	CVE-2026-40154	PraisonAI: supply chain RCE via unverified template exec	PraisonAI	9.3
CRITICAL	CVE-2026-28500	onnx: Integrity Verification bypass enables tampering	onnx	9.1
HIGH	CVE-2025-66448	vllm: Code Injection enables RCE	vllm	8.8
HIGH	GHSA-hgrh-qx5j-jfwx	picklescan: Protection Bypass circumvents security controls	picklescan	8.8
HIGH	CVE-2025-67729	lmdeploy: Deserialization enables RCE		8.8
HIGH	GHSA-j7w6-vpvq-j3gm	diffusers: silent RCE via None.py trust_remote_code bypass	diffusers	8.8
HIGH	GHSA-m3mh-3mpg-37hw	OpenClaw: .npmrc hijack enables RCE on plugin install	openclaw	8.6
HIGH	CVE-2025-10155	picklescan: file extension bypass allows model RCE	picklescan	7.8
HIGH	GHSA-w8hx-hqjv-vjcq	Paperclip: RCE via workspace runtime command injection	@paperclipai/server	7.3
HIGH	CVE-2025-9906	Keras: safe_mode bypass enables RCE via model load	keras	7.3
MEDIUM	CVE-2026-40148	PraisonAI: decompression bomb causes disk exhaustion	PraisonAI	6.5
MEDIUM	CVE-2026-26320	OpenClaw: UI deception enables arbitrary command execution	openclaw	6.5
MEDIUM	CVE-2025-1944	picklescan: ZIP spoof lets malicious PyTorch models bypass scan	picklescan	6.5
MEDIUM	CVE-2024-3099	MLflow: URL encoding bypass enables model poisoning	mlflow	5.4
MEDIUM	CVE-2026-35651	OpenClaw: ANSI injection spoof AI agent approval prompts	openclaw	4.3
LOW	CVE-2025-3777	Transformers: URL validation bypass exposes image pipeline	transformers	3.5
MEDIUM	GHSA-9w88-8rmg-7g2p	picklescan: scan bypass allows silent RCE via ML models	picklescan	—
MEDIUM	GHSA-fqq6-7vqf-w3fg	picklescan: detection bypass allows undetected RCE in ML models	picklescan	—
MEDIUM	GHSA-3gf5-cxq9-w223	picklescan: scanner bypass enables pickle RCE in ML models	picklescan	—
MEDIUM	GHSA-j343-8v2j-ff7w	picklescan: scanner bypass allows pickle-based RCE	picklescan	—
MEDIUM	GHSA-m869-42cg-3xwr	picklescan: scanner bypass enables RCE via ML models	picklescan	—
MEDIUM	GHSA-xp4f-hrf8-rxw7	picklescan: scanner bypass leads to undetected RCE	picklescan	—
MEDIUM	GHSA-4whj-rm5r-c2v8	picklescan: scanner bypass enables PyTorch gadget RCE	picklescan	—
MEDIUM	GHSA-9xph-j2h6-g47v	picklescan: scanner bypass enables RCE via model files	picklescan	—
MEDIUM	GHSA-cj3c-v495-4xqh	picklescan: security bypass enables RCE in ML pipelines	picklescan	—
MEDIUM	GHSA-7cq8-mj8x-j263	picklescan: detection bypass allows malicious pickle RCE	picklescan	—
MEDIUM	GHSA-6w4w-5w54-rjvr	picklescan: detection bypass allows RCE via ML model files	picklescan	—
MEDIUM	GHSA-f54q-57x4-jg88	picklescan: scanner bypass enables RCE in ML models	picklescan	—
MEDIUM	GHSA-6vqj-c2q5-j97w	picklescan: scanner bypass enables RCE via ML models	picklescan	—
MEDIUM	GHSA-5qwp-399c-mjwf	picklescan: bypass enables undetected RCE in ML models	picklescan	—
MEDIUM	GHSA-h3qp-7fh3-f8h4	picklescan: detection bypass via PyTorch proxy RCE	picklescan	—
MEDIUM	GHSA-f745-w6jp-hpxx	picklescan: RCE bypass via torch.utils.collect_env	picklescan	—
MEDIUM	GHSA-f4x7-rfwp-v3xw	picklescan: scanner bypass enables RCE via PyTorch function	picklescan	—
MEDIUM	GHSA-86cj-95qr-2p4f	picklescan: detection bypass enables PyTorch model RCE	picklescan	—
MEDIUM	GHSA-4r9r-ch6f-vxmx	picklescan: PyTorch bypass allows undetected RCE	picklescan	—
HIGH	GHSA-9gvj-pp9x-gcfr	picklescan: detection bypass allows malicious pickle exec	picklescan	—
MEDIUM	GHSA-r54c-2xmf-2cf3	ms-swift: RCE via pickle deserialization in adapter models		—
MEDIUM	GHSA-v7x6-rv5q-mhwc	picklescan: bypass allows silent RCE in ML pipelines	picklescan	—
MEDIUM	GHSA-fj43-3qmq-673f	picklescan: numpy bypass enables RCE in ML model pipelines	picklescan	—
HIGH	CVE-2025-46417	picklescan: scanner bypass enables DNS data exfiltration	picklescan	—
MEDIUM	CVE-2025-1716	picklescan: scanner bypass enables supply chain RCE	picklescan	—
CRITICAL	GHSA-5mg7-485q-xm76	litellm: supply chain attack harvests AI API credentials	litellm	—
CRITICAL	GHSA-955r-262c-33jc	telnyx: PyPI supply chain attack steals cloud creds		—
UNKNOWN	CVE-2026-22561	Claude Setup: DLL search-order hijacking LPE		—
HIGH	CVE-2026-42557	JupyterLab: one-click RCE via notebook HTML cell output	notebook	—
UNKNOWN	CVE-2026-42248	Ollama: silent auto-update bypasses signature check on Windows	ollama	—
HIGH	CVE-2025-67748	fickling: Code Injection enables RCE	fickling	—
HIGH	CVE-2025-67747	fickling: Allowlist Bypass evades input filtering	fickling	—
HIGH	GHSA-mxhj-88fx-4pcv	fickling: security flaw enables exploitation	fickling	—
LOW	GHSA-83pf-v6qq-pwmr	fickling: Allowlist Bypass evades input filtering	fickling	—
HIGH	GHSA-97f8-7cmv-76j2	picklescan: Allowlist Bypass evades input filtering	picklescan	—
HIGH	GHSA-9m3x-qqw2-h32h	picklescan: Deserialization enables RCE	picklescan	—
HIGH	GHSA-46h3-79wf-xr6c	picklescan: Code Injection enables RCE	picklescan	—
HIGH	CVE-2026-22612	fickling: Deserialization enables RCE	fickling	—
HIGH	CVE-2026-22608	fickling: Allowlist Bypass evades input filtering	fickling	—
HIGH	CVE-2026-22606	fickling: Allowlist Bypass evades input filtering	fickling	—
HIGH	GHSA-955r-x9j8-7rhh	picklescan: Code Injection enables RCE	picklescan	—
MEDIUM	GHSA-6556-fwc2-fg2p	picklescan: Code Injection enables RCE	picklescan	—
HIGH	GHSA-rrxm-2pvv-m66x	picklescan: Code Injection enables RCE	picklescan	—
HIGH	GHSA-x843-g5mx-g377	picklescan: Code Injection enables RCE	picklescan	—
HIGH	GHSA-vqmv-47xg-9wpr	picklescan: Deserialization enables RCE	picklescan	—
HIGH	GHSA-r8g5-cgf2-4m4m	picklescan: Deserialization enables RCE	picklescan	—
HIGH	GHSA-84r2-jw7c-4r5q	picklescan: Allowlist Bypass evades input filtering	picklescan	—
HIGH	CVE-2025-53000	nbconvert: security flaw enables exploitation		—
MEDIUM	GHSA-q77w-mwjj-7mqx	picklescan: scanner bypass enables model RCE	picklescan	—
MEDIUM	GHSA-49gj-c84q-6qm9	picklescan: scanner bypass enables RCE via ML model files	picklescan	—