metadata
tags:
- modelscan-bypass
- security-research
ModelScan Bypass PoC — NumPy Format (cProfile.run)
Summary
modelscan fails to detect a cProfile.run() call embedded in a NumPy .npy file with object dtype, so the file scans clean and still gives full RCE when it is loaded.
Details
- Scanner: modelscan v0.7.6 / v0.8.8
- Format: NumPy (.npy)
- Technique: Object array with `__reduce__` returning `cProfile.run(stmt)`
- Scan result: 0 issues
- RCE: Confirmed via `np.load('model.npy', allow_pickle=True)`
Reproduction
modelscan scan -p model.npy # 0 issues
python3 -c "import numpy; numpy.load('model.npy', allow_pickle=True)" # RCE