CVE-2026-6878 | ByteDance verl up to 0.7.0 prime_math/grader.py math_equal sandbox

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability identified as critical has been detected in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue.

This vulnerability is traded as CVE-2026-6878. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6878 | ByteDance verl up to 0.7.0 prime_math/grader.py math_equal sandbox

Post correlati

CVE-2026-27572 | bytecodealliance wasmtime up to 24.0.5/36.0.5/40.0.3/41.0.3 allocation of resources (GHSA-243v-98vx-264h)

CVE-2026-1734 | Zhong Bang CRMEB up to 5.6.3 crontab Endpoint CrontabController.php authorization

CVE-2024-53846 | erlang otp up to 25.3.2.16/26.2.5.6/27.1.3 certificate validation

CVE-2024-0117 | NVIDIA GPU/vGPU/Cloud Gaming prior 16.8/17.4 on Windows User Mode Layer out-of-bounds