CVE-2026-54499

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_only=False) on attacker-controllable pickle.UnpicklingError, allowing a malicious .pt pretrain or model file to execute arbitrary pickle code when a Stanza NLP pipeline loads it. This issue is fixed in version 1.12.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:stanford:stanza:*:*:*:*:*:python:*:*

History

13 Jul 2026, 14:57

Type Values Removed Values Added
References () https://github.com/stanfordnlp/stanza/commit/b745008c68c9e50ccb5acd537cb6f2453f8b7ad4 - () https://github.com/stanfordnlp/stanza/commit/b745008c68c9e50ccb5acd537cb6f2453f8b7ad4 - Patch
References () https://github.com/stanfordnlp/stanza/pull/1587 - () https://github.com/stanfordnlp/stanza/pull/1587 - Issue Tracking, Patch
References () https://github.com/stanfordnlp/stanza/releases/tag/v1.12.2 - () https://github.com/stanfordnlp/stanza/releases/tag/v1.12.2 - Release Notes
References () https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c - () https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c - Exploit, Vendor Advisory
CPE cpe:2.3:a:stanford:stanza:*:*:*:*:*:python:*:*
First Time Stanford
Stanford stanza

09 Jul 2026, 14:16

Type Values Removed Values Added
References () https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c - () https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c -

08 Jul 2026, 23:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-08 23:16

Updated : 2026-07-13 14:57


NVD link : CVE-2026-54499

Mitre link : CVE-2026-54499

CVE.ORG link : CVE-2026-54499


JSON object : View

Products Affected

stanford

  • stanza
CWE
CWE-502

Deserialization of Untrusted Data

CWE-676

Use of Potentially Dangerous Function