A single experiment file — the kind quantum computing researchers share casually over email and Slack every day — could silently hand an attacker complete control of a scientist's workstation, lab server, or the sensitive research data stored on it.
Who's at Risk — and Why It Matters Beyond the Lab
LabOne Q, developed by Zurich Instruments, is one of the leading software frameworks used to program and run quantum computing experiments. It's deployed in university research departments, national laboratories, and private quantum computing companies across North America, Europe, and Asia. While "quantum computing software" might sound niche, the labs running it often sit on enormously sensitive material: proprietary research worth millions of dollars in grant funding, pre-publication scientific breakthroughs, and in some cases, work touching on national security or pharmaceutical discovery.
The vulnerability, tracked as CVE-2026-7584 and rated HIGH with a CVSS score of 7.8, affects anyone running an unpatched version of LabOne Q on any operating system — Windows, macOS, or Linux. There are no reliable public figures on total deployment numbers, but LabOne Q is the standard tool in the Zurich Instruments ecosystem, which counts government-funded quantum programs and Fortune 500 research divisions among its customers. In a research environment where collaboration means sharing experiment files constantly, the attack surface is uncomfortably wide.
What an Attacker Can Actually Do
Imagine you're a quantum physicist. A colleague — or someone pretending to be one — sends you a file: a saved experiment configuration, the kind you might load up to replicate their results or continue their work. You double-click it. LabOne Q opens it without complaint. Nothing looks wrong. But in the background, the software has already done something catastrophic: it executed code hidden inside that file, code that the attacker wrote, code that now runs with every permission your user account has on your machine.
That's the essence of this flaw. When LabOne Q saves and loads experiment data, it uses a process called deserialization — essentially unpacking a saved file back into a working software object. To do that unpacking, it needs to know what kind of software object to rebuild, and it reads that information directly from inside the file itself. The problem: before this vulnerability was fixed, the software would trust that information completely, with no checking whatsoever. An attacker can write a malicious file that tells LabOne Q, "load this class from this module" — and LabOne Q obediently does it, even if that "class" is a system command designed to install malware, exfiltrate files, or create a back door.
The attacker doesn't need to be on your network. They don't need your password. They just need you to open their file. In academic and research settings, where sharing data files is as routine as sending a PDF, that's not a high bar. A poisoned file posted to a preprint server, shared in a lab group chat, or attached to a convincing spear-phishing email would do the job.
The Technical Anchor — For the Researchers in the Room
The root cause is an unsafe deserialization vulnerability via an unvalidated class-loading mechanism in LabOne Q's serialization framework. Specifically, the import_cls() function accepted fully-qualified Python class names directly from serialized data and dynamically imported and instantiated those classes — including attacker-controlled constructor arguments — with zero allowlist enforcement or module restriction. This is a textbook serialization gadget chain attack: no memory corruption required, no exploit reliability concerns, just clean, stable arbitrary code execution courtesy of Python's own import machinery being handed to an adversary. CVSS 7.8 (HIGH), vector: local file-triggered, but trivially delivered via social engineering in collaborative research workflows.
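The class-loading pattern described above, next to a hardened alternative, as an added example that is not LabOne Q's code or its patch. The `__type__` field, the JSON layout, the registry contents and every function name here are assumptions made for the illustration.

```python
import importlib
import json
from datetime import timedelta
from fractions import Fraction

TYPE_KEY = "__type__"  # hypothetical field name, not LabOne Q's file format
# Explicit registry: a file can only select classes that are named here.
REGISTRY = {"fractions.Fraction": Fraction, "datetime.timedelta": timedelta}

def unchecked_import_cls(qualname):
    """Flawed pattern: resolve whatever dotted name the file supplies."""
    module, _, attr = qualname.rpartition(".")
    return getattr(importlib.import_module(module), attr)

def registry_import_cls(qualname):
    """Hardened form: a lookup, never an import driven by file contents."""
    if not isinstance(qualname, str) or qualname not in REGISTRY:
        raise ValueError(f"refusing unregistered type {qualname!r}")
    return REGISTRY[qualname]

def referenced_types(node):
    """Collect every type name in a parsed document without resolving any."""
    found = set()
    if isinstance(node, dict):
        if isinstance(node.get(TYPE_KEY), str):
            found.add(node[TYPE_KEY])
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found |= referenced_types(child)
    return found

def load(text):
    """Audit all type names before any object is constructed, then rebuild."""
    doc = json.loads(text)
    unknown = sorted(referenced_types(doc) - set(REGISTRY))
    if unknown:
        raise ValueError(f"unregistered types in file: {unknown}")
    return _build(doc)

def _build(node):
    if isinstance(node, list):
        return [_build(v) for v in node]
    if not isinstance(node, dict):
        return node
    fields = {k: _build(v) for k, v in node.items() if k != TYPE_KEY}
    return registry_import_cls(node[TYPE_KEY])(**fields) if TYPE_KEY in node else fields

GOOD = '{"delays": [{"__type__": "datetime.timedelta", "seconds": 90}]}'  # constructed
BAD = '{"steps": [{"__type__": "os.getcwd"}]}'  # constructed, names a non-registry callable
```

`referenced_types` can also be run on its own to triage a received file, since it reports the type names a document asks for without importing or constructing anything.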
Discovered How? Exploited Yet?
As of publication, there is no confirmed active exploitation in the wild. No threat actor campaigns have been publicly attributed to this vulnerability, and no victims have been identified. However, security teams who work in the quantum research space or adjacent high-value research environments should treat the urgency as higher than a typical unconfirmed vulnerability — the reason being simple: the attack technique is straightforward to reproduce by anyone with basic Python knowledge and access to LabOne Q's file format documentation. The window between "no known exploitation" and "actively weaponized" for this class of vulnerability is historically short once a CVE is public.
Attribution for the discovery has not been publicly detailed at the time of writing. Zurich Instruments has acknowledged the issue and released a patched version of the framework.
What You Should Do Right Now
- Update LabOne Q immediately. Check your installed version by running pip show laboneq in your terminal. The vulnerability exists in versions prior to the patch. Update by running pip install --upgrade laboneq and confirm you are on the latest patched release. Check the official LabOne Q GitHub repository and Zurich Instruments' security advisories for the exact minimum safe version number for your environment.
- Treat all experiment files from unverified sources as untrusted. Until your environment is fully patched, do not open LabOne Q experiment files received via email, chat, or file-sharing services unless you can cryptographically verify their origin. This means establishing a verification workflow in your lab or team; even an informal one, like a quick voice confirmation with a colleague before loading a shared file, reduces risk substantially.
- Audit your environment for unexpected network activity or new processes. If you suspect you may have opened a malicious file before patching, look for signs of compromise: unexpected outbound connections, new scheduled tasks or cron jobs, unfamiliar processes, or new user accounts. On Linux and macOS, tools like netstat, ps aux, and auditd logs can help. On Windows, check Task Scheduler and review Event Viewer logs. When in doubt, contact your institution's security team or an incident response professional.