15 matches found
CVE-2026-58116
CVE-2026-58116 affects LLaMA-Factory up to version 0.9.5. A remote code execution vulnerability exists when a malicious model path is supplied via WebUI Chat/Training interfaces; unvalidated input is passed to AutoTokenizer.from_pretrained() and AutoModel.from_pretrained() with trust_remote_code=...
CVE-2026-58116 LLaMA-Factory 0.9.5 Remote Code Execution via WebUI Model Path
LLaMA-Factory through 0.9.5 contains a remote code execution vulnerability that allows attackers with WebUI access to execute arbitrary Python code by supplying a malicious model path in the Chat or Training interfaces. The application passes user-supplied model path input unvalidated into...
CVE-2026-4372
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...
CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...
CVE-2026-4372 Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in huggingface/transformers
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the frompretrained flow. An attacker can execute arbitrary code by exploiting a race condition between two repository fetch...
PT-2026-42205
Name of the Vulnerable Software and Affected Versions diffusers affected versions not specified Description A race condition exists in the DiffusionPipeline.from pretrained flow when loading pipelines from the HuggingFace Hub. The process involves two separate HTTP calls: one via hf hub download ...
PYSEC-2026-41
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, diffusers 0.37.0 allows remote code execution without the trustremotecode=True safeguard when loading pipelines from Hugging Face Hub repositories. The resolvecustompipelineandcls function in pipelineloadingutils.py...
CVE-2026-44513
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
CVE-2026-44827
Diffusers prior to 0.38.0 is vulnerable to silent remote code execution when loading pipelines from Hugging Face Hub without trust_remote_code. If custom_pipeline is not supplied, _resolve_custom_pipeline_and_cls formats None as None.py; a repository containing a None.py with a subclass of Diffus...
EUVD-2026-30334
Diffusers is the a library for pretrained diffusion models. Prior to 0.38.0, a trustremotecode bypass in DiffusionPipeline.frompretrained allows arbitrary remote code execution despite the user passing trustremotecode=False or omitting it, which is the default. The vulnerability has three variant...
Mamba 安全漏洞
Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...
Arbitrary Code Injection
Overview diffusers is a State-of-the-art diffusion in PyTorch and JAX. Affected versions of this package are vulnerable to Arbitrary Code Injection in the frompretrained fucntion when a repository contains a None.py file and the custompipeline argument is not supplied. An attacker can execute...
Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
Background This vulnerability is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function accepts an optional custompipeline keyword argument: the name of a Python file in the repo that contains a custom class inheriting from...
Arbitrary Remote Code Execution via `_attn_implementation_internal` Config Injection in transformers (No `trust_remote_code` Required)
Description A critical remote code execution vulnerability exists in the HuggingFace transformers library. An attacker can craft a malicious config.json containing the field attnimplementationinternal set to an attacker-controlled HuggingFace Hub repository ID. When a victim loads this model usin...