CVE-2026-1839

Published: Apr 7, 2026

Modified: Apr 7, 2026

PUBLISHED

CVSS v3.0

6.5

MEDIUM

Description

A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.

Vendor	Product	Versions
huggingface	huggingface/transformers	affected `unspecified - < v5.0.0rc3`

Weaknesses (CWE)

CWE-502

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

High

References

https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485

https://github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-1839

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References