MITRE service request: 1987825
Status: RESERVED (pending a qualifying public reference per CNA Rules §5.3).
PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerable to remote code execution due to insufficient validation and sandboxing of user-submitted code. The system allows low-privileged users to submit Python functions (via @sy.syft_function()) for remote execution on the server. While a code approval mechanism exists, the submitted code undergoes no security checks for dangerous operations (e.g., file access, command execution). Once approved, the code is executed within the server process using exec() and eval() functions without proper isolation. A remote attacker can leverage this to execute arbitrary Python code on the server, leading to complete compromise of the server environment.
Low-privileged collaborators can upload @sy.syft_function payloads that pass administrative approval yet contain unrestricted Python. Execution uses exec/eval in-process without sandbox separation, so approved malicious code equals full server takeover.
73901fe937c221ae3f12b2fed3a280e3ee97fa8f cited in original submission).UserCodeService path ending in execute_byte_code() with exec/eval.dev_mode=False production sites mistakenly treat approval as security boundary.Critical for multi-tenant federated-learning deployments exposing the Syft API.