README.md

---
tags:
- security-research
- modelscan-bypass
license: mit
---

# Modelscan Bypass PoC: gettext.install builtins modification

**Security research only. Do not use for malicious purposes.**

## Summary
Calls gettext.install() which modifies builtins by adding _() function.
gettext is not in modelscan's unsafe_globals blocklist.
Modifies Python builtins at load time.

## Reproduction
```bash
pip install modelscan
modelscan scan -p pytorch_model.bin
# Result: No issues found

python3 -c "import pickle; pickle.load(open('pytorch_model.bin', 'rb'))"
# Result: Code executes
```

## Affected
- modelscan 0.7.6 (latest as of 2026-04-11)

## Disclosure
Submitted to ProtectAI via Huntr.