CNNVD-202602-335 Information

CNNVD ID

CNNVD-202602-335

CVE-2025-70560

  • CNNVD Published: 2026-02-03

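Description (translated from Chinese)

boltz is the official repository for a biological model by individual developer Jeremy Wohlwend. boltz version 2.0.0 contains a security vulnerability: the molecule loading function uses Python pickle to deserialize molecule data files without validation, which may lead to arbitrary code execution.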

Description (English)

Boltz is the official repository for a biological model by individual developer Jeremy Wohlwend. Boltz version 2.0.0 contains a security vulnerability that stems from the molecule loading function using Python pickle to deserialize molecular data files without validation, which may result in arbitrary code execution.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2026-02-03

Last Modified

2026-02-24

References

https://github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397fa2ac/src/boltz/data/mol.py#L80

https://github.com/jwohlwend/boltz/issues/600

Patch

https://github.com/jwohlwend/boltz/releases
