CVE-2026-6878
medium
CVSS v3
5.6
CVSS v4 NEW
2.9
VIR risk
5.6
Description
verl's math_equal() Vulnerable to Arbitrary Code Execution via Unsafe eval()
Predictions
Exploit likelihood
66%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- https://github.com/zast-ai/vulnerability-reports/blob/main/bytedance/verl_rce.md
- https://vuldb.com/submit/795257
- https://vuldb.com/vuln/359040
- https://vuldb.com/vuln/359040/cti
- https://nvd.nist.gov/vuln/detail/CVE-2026-6878
- https://github.com/verl-project/verl
- https://github.com/verl-project/verl/blob/v0.7.1/verl/utils/reward_score/prime_math/grader.py
- https://github.com/advisories/GHSA-h57c-v2v3-5v3v
CWEs
CWE-264 CWE-265
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.