84 matches found
CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an attacker-controlled HuggingFac...
PT-2026-42943
Name of the Vulnerable Software and Affected Versions: HuggingFace transformers versions prior to 5.3.0. Description: A critical remote code execution issue exists where an attacker can craft a malicious `config.json` file. By setting the `_attn_implementation_internal` field to an attacker-controlled...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to regular expression denial of service (ReDoS) due to the transformers package (CVE-2025-2099)
Summary: The transformers package is used by DataStage on Cloud Pak for Data as part of machine learning processing. Vulnerability Details: CVEID: CVE-2025-2099. DESCRIPTION: A vulnerability in the `preprocess_string` function of the `transformers.testing_utils` module in huggingface/transformers version...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3762 more potentially affected by CVE-2026-1839 via transformers (>=2.10.0 <=5.0.0rc2)
transformers PYPI version =2.10.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2026-1839 Source advisory:...
Hugging Face Transformers Security Vulnerability
Hugging Face Transformers is an open-source framework developed by Hugging Face for defining state-of-the-art machine learning models. It covers text, visual, audio, and multi-modal models, and can be used for both inference and training. There is a security vulnerability in Hugging Face...
Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in transformers (No `trust_remote_code` Required)
Description: A critical remote code execution vulnerability exists in the HuggingFace transformers library. An attacker can craft a malicious `config.json` containing the field `_attn_implementation_internal` set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this model usin...
Deserialization of Untrusted Data
Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via `_load_rng_state`, which uses the unsafe `torch.load` function. An attacker can achieve arbitrary code execution by...
artifex (>=0.7.0 <=0.11.0), axolotl (=0.14.0) +17 more potentially affected by CVE-2026-1839 via transformers (>=5.0.0 <=5.0.0rc2)
transformers PYPI version =5.0.0, =0.7.0, =0.0.10, =0.1.4, =4.9.0, =1.7.10, =0.14.6, =0.0.2, =5.2.0, =0.1.0, =0.30.0, =0.3.0, =0.3.6 and more Source cves: CVE-2026-1839 Source advisory: SNYK:PYTHON-TRANSFORMERS-15166618...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777.
Summary: IBM Maximo Application Suite - Monitor Component uses transformers-4.51.3-py3-none-any.whl which is vulnerable to CVE-2025-6638 and CVE-2025-3777. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2025-6638. DESCRIPTION: A Regular Expression...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +10915 more potentially affected by CVE-2025-14927 via transformers (>=2.10.0 <=5.8.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14927 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564366...
Arbitrary Code Injection
Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Arbitrary Code Injection via the `convert_config` function. An attacker can execute arbitrary code by supplying a malicious checkpoint file that is process...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +10915 more potentially affected by CVE-2025-14928 via transformers (>=2.10.0 <=5.8.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14928 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564364...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +10915 more potentially affected by CVE-2025-14921 via transformers (>=2.10.0 <=5.8.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14921 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564365...
Deserialization of Untrusted Data
Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the parsing process of model files. An attacker can execute arbitrary code in the context of the current user by...
Deserialization of Untrusted Data
Overview: transformers is a state-of-the-art machine learning library for JAX, PyTorch and TensorFlow. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the parsing of checkpoints. An attacker can achieve arbitrary code execution by tricking a user into opening a...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +10915 more potentially affected by CVE-2025-14926 via transformers (>=2.10.0 <=5.8.0)
transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14926 Source advisory: SNYK:PYTHON-TRANSFORMERS-14560695...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14929 via transformers (>=4.0.0 <=4.57.6)
transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14929 Source advisory:...
adamix-gpt2 (>=0.0.1 <=0.0.2), allennlp (>=1.1.0 <=1.2.2) +67 more potentially affected by CVE-2025-14929 via transformers (>=3.0.0 <=3.5.1)
transformers PYPI version =3.0.0, =0.0.1, =1.1.0, =1.1.0, =0.0.2, =0.0.1, =0.0.7, =0.7.1, =0.2.4, =51.0.1, =0.0.1, =0.2.0, =0.4.1 and more Source cves: CVE-2025-14929 Source advisory: OSV:PYSEC-2025-217...
3m (>=0.1.1 <=0.1.3), 4dpocket (>=0.1.3 <=0.1.4) +8077 more potentially affected by CVE-2025-14930 via transformers (>=5.0.0 <=5.8.0)
transformers PYPI version =5.0.0, =0.1.1, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =2.3.15.994, =3.4.6 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 - aait-store-cut-part-003 =0.0.1 - aait-store-cut-part-004 =0.0.1 - aait-store-cut-part-005 =0.0.1 -...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14928 via transformers (>=4.0.0 <=4.57.6)
transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14928 Source advisory:...