CVE-2026-1839

{"id": "CVE-2026-1839", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.0}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2026-04-07T06:16:41.490", "references": [{"url": "https://github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3."}], "lastModified": "2026-04-28T16:39:31.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "501E3796-D201-494C-B59D-FA598DC36738", "versionEndExcluding": "5.0.0"}, {"criteria": "cpe:2.3:a:huggingface:transformers:5.0.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70A12094-61B0-49E7-9663-73E5B874E819"}, {"criteria": "cpe:2.3:a:huggingface:transformers:5.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "424574B4-B321-4D5A-BE48-95A61D9F3752"}, {"criteria": "cpe:2.3:a:huggingface:transformers:5.0.0:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3F5BCCD-1960-4809-9519-4ADDACAFB3D3"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}