You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 23654
About this tag
CVE-2026-23654 is a high-severity remote code execution vulnerability listed in Microsoft's security catalog, tied to the GitHub repository microsoft/zero-shot-scfoundation. The flaw originates from an improperly managed third-party dependency in an open-source research repo used for evaluating single-cell foundation models. When unmitigated, the dependency chain can be abused to execute attacker-controlled code during installation or runtime, turning the repository into an RCE vector for development, CI/CD, or research environments. Microsoft issued an official remediation as part of the March 10, 2026 patch cycle. This tag covers discussions on mitigating supply chain risks associated with CVE-2026-23654, including dependency management and patch deployment strategies.
Microsoft's security catalog now lists CVE-2026-23654 — a high‑severity remote code execution (RCE) issue tied to the GitHub repository microsoft/zero-shot-scfoundation — and the vendor has issued an official remediation as part of the March 10, 2026 patch cycle. The flaw is not a classic...