You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

YAML Metadata Warning: empty or missing yaml metadata in repo card

Check out the documentation for more information.

MONAI Bundle Config ACE PoC

Security research model bundle for huntr.com Model Format Vulnerability program.

DO NOT LOAD THIS BUNDLE — it contains a crafted MONAI bundle config that achieves arbitrary code execution via _target_ → pydoc.locate().

_target_ values in config JSON resolved via pydoc.locate() with zero allowlist
Achieves arbitrary code execution via monai.bundle.load() → create_workflow() → initialize()
Works even with MONAI_EVAL_EXPR=0
Same vulnerability class as NeMo CVE-2025-23304

Downloads last month: -; Downloads are not tracked for this model. How to track

Inference Providers NEW

This model isn't deployed by any Inference Provider. 🙋 Ask for provider support