critical

A critical deserialization vulnerability in a widely-deployed ML model serving framework allows unauthenticated remote code execution via crafted model files. Patch immediately — active exploitation observed in the wild.