CNNVD-202602-914 Information

CNNVD ID

CNNVD-202602-914

Related CVE

CVE-2026-25632

• CNNVD Published: 2026-02-06

Description (Chinese)

EPyT-Flow是ERC Synergy Grant Water Futures开源的一个用于生成配水网络的水力和水质场景数据的Python包。 EPyT-Flow 0.16.1之前版本存在代码问题漏洞，该漏洞源于REST API使用支持类型字段的自定义反序列化器解析攻击者控制的JSON请求体，可能导致OS命令执行。

Description (English)

EPyT-Flow is a Python package for generating hydro and water quality scene data for water distribution networks from the ERC Synergy Grant Water Futures open source. There is a code problem loophole in the pre-EPyT-Flow 0.16.1 version, which stems from the use of a self-defined anti-serializer in the Support Type field by RET API to analyze the attacker-controlled JSON requests, which may lead to the execution of an OS command.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

ERC Synergy Grant Water Futures

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/WaterFutures/EPyT-Flow/commit/3fff9151494c7dbc72073830b734f0a7e550e385 https://github.com/WaterFutures/EPyT-Flow/releases/tag/v0.16.1 https://github.com/WaterFutures/EPyT-Flow/security/advisories/GHSA-74vm-8frp-7w68 https://access.redhat.com/security/cve/cve-2026-25632

Patch

https://github.com/WaterFutures/EPyT-Flow/releases