CVE-2026-6878
verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
5.6
MEDIUM
CVSS 3.1
EPSS 0.06%
Description
A vulnerability was identified in ByteDance verl up to 0.7.1. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to a sandbox issue. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit is publicly available and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
How to fix CVE-2026-6878
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
Is CVE-2026-6878 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.7.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
| osv | CVSS 3.1 | MEDIUM5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |