---
library_name: pytorch
tags:
  - security-research
  - modelscan-bypass
license: mit
---
# ModelScan Bypass PoC — http.server.HTTPServer
Security research for responsible disclosure via Huntr MFV program.
## Vulnerability
`http.server.HTTPServer` is not in modelscan's `unsafe_globals` blocklist.
modelscan reports "No issues found" but loading triggers starts an HTTP server on deserialization — serves ALL local files to the network.
## Impact: CRITICAL
`http` is not in the blocklist (only `httplib` is). HTTPServer constructor binds to a port and `socket` is used internally but the constructor is via http.server, not socket directly.
## Reproduction
```bash
pip install modelscan
modelscan scan -p bypass_poc.pkl
# Output: "No issues found!"
```