The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target class or restriction on which modules could be imported. An attacker can craft a serialized experiment file that causes the deserialization engine to import and instantiate arbitrary Python classes with attacker-controlled constructor arguments, resulting in arbitrary code execution in the context of the user running the Python process. Exploitation requires the victim to load a malicious file using LabOne Q's deserialization functions, for example a compromised experiment file shared for collaboration or support purposes.
Do not load untrusted experiment files: only deserialize experiment files (JSON, YAML) that originate from a trusted source. Treat serialized experiment files with the same caution as executable scripts.
Validate file provenance: when receiving experiment files from external parties (e.g. for support or collaboration), verify their origin before loading them.
Audit serialized files: before loading, inspect serialized experiment files and verify that only trusted classes are listed as deserializers.
Update LabOne Q to version 26.1.2 (security backport on the 26.1.x line) or to 26.4.0 or later. The package can be updated via pip install --upgrade laboneq.