Is uni2ts affected by CVE-2026-22584?

PyPI uni2ts is affected in <2.0.0.

Is CVE-2026-22584 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

critical

CVE-2026-22584

Q: Is CVE-2026-22584 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

PyPI · uni2ts

Summary

Salesforce Uni2TS has a Code Injection vulnerability

Severity: critical
EPSS: 0.4% (p29)
Also known as: GHSA-7x99-8x99-xc54
Published: 2026-01-10

References

https://nvd.nist.gov/vuln/detail/CVE-2026-22584
https://github.com/SalesforceAIResearch/uni2ts/pull/218
https://github.com/SalesforceAIResearch/uni2ts/commit/7f2d51dd729de018f0f22504f39a8475c6fed1c4

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.