--- tags: - modelscan-bypass - security-research --- # ModelScan Bypass PoC — NumPy Format (cProfile.run) ## Summary modelscan fails to detect `cProfile.run()` in NumPy .npy files with object dtype, allowing full RCE. ## Details - **Scanner**: modelscan v0.7.6 / v0.8.8 - **Format**: NumPy (.npy) - **Technique**: Object array with `__reduce__` returning `cProfile.run(stmt)` - **Scan result**: 0 issues - **RCE**: Confirmed via `np.load('model.npy', allow_pickle=True)` ## Reproduction ```bash modelscan scan -p model.npy # 0 issues python3 -c "import numpy; numpy.load('model.npy', allow_pickle=True)" # RCE ```