CVE-2026-1839
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H
Summary
A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The _load_rng_state() method in src/transformers/trainer.py at line 3059 calls torch.load() without the weights_only=True parameter. This issue affects all versions of the library supporting torch>=2.2 when used with PyTorch versions below 2.6, as the safe_globals() context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as rng_state.pth, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| huggingface | huggingface/transformers | unspecified < v5.0.0rc3 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
Additional References
References
- https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485
- https://github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.