Arbitrary Code Injection Affecting ultralytics package, versions [,8.3.226)


Severity: high

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-PYTHON-ULTRALYTICS-14157230
  • Published: 14 Dec 2025
  • Disclosed: 2 Dec 2025
  • Credit: Unknown

Introduced: 2 Dec 2025

CVE: NOT AVAILABLE. CWE: CWE-94

How to fix?

Upgrade ultralytics to version 8.3.226 or higher.

Overview

ultralytics is the Ultralytics YOLOv8 package for SOTA object detection, multi-object tracking, instance segmentation, pose estimation and image classification.

Affected versions of this package are vulnerable to Arbitrary Code Injection via unsafe use of eval() on attacker-controllable strings. The cfg.smart_value helper, the string-handling branch in utils.checks.check_imgsz, and the initializer in utils/triton.py evaluate arbitrary text with eval() (for example, when parsing imgsz or Triton metadata) instead of using a safe parser like ast.literal_eval(). An attacker who can influence these inputs can inject and execute arbitrary Python expressions in the context of the running process.
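To show the remedy the advisory names in working code, here is an added example (not ultralytics's own code or its patch): a simplified config-value converter and an imgsz normaliser that use ast.literal_eval() plus explicit type checks instead of eval(). The function names, the none/true/false keyword handling and the imgsz validation rules are assumptions made for illustration.

```python
import ast
from typing import Any, List


def safe_smart_value(text: str) -> Any:
    """Turn a config string into a Python value without eval().

    Only literals (numbers, strings, lists, tuples, dicts, bool, None)
    are converted; names, calls and arithmetic make ast.literal_eval
    raise, and the text is then kept as an ordinary string.
    """
    stripped = text.strip()
    keywords = {"none": None, "true": True, "false": False}  # assumed convenience
    if stripped.lower() in keywords:
        return keywords[stripped.lower()]
    try:
        return ast.literal_eval(stripped)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError):
        return stripped  # not a literal: never evaluated, just carried as text


def parse_imgsz(value: Any) -> List[int]:
    """Normalise imgsz (int, sequence, or string form) to [height, width].

    Anything that is not a positive int or a 1-2 item sequence of
    positive ints is rejected with ValueError (rules assumed here).
    """
    if isinstance(value, str):
        value = safe_smart_value(value)
    if isinstance(value, int) and not isinstance(value, bool):
        value = [value, value]
    if not isinstance(value, (list, tuple)) or not 1 <= len(value) <= 2:
        raise ValueError(f"imgsz must be an int or a 1-2 item list, got {value!r}")
    sizes = list(value)
    if not all(isinstance(v, int) and not isinstance(v, bool) and v > 0 for v in sizes):
        raise ValueError(f"imgsz entries must be positive ints, got {value!r}")
    return sizes * 2 if len(sizes) == 1 else sizes


def imgsz_rejected(value: Any) -> bool:
    """True when parse_imgsz refuses the input (handy for checking the guard)."""
    try:
        parse_imgsz(value)
    except ValueError:
        return True
    return False
```

A string containing an expression or a call never reaches an evaluator: it either stays a plain string or is rejected by the type checks.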
