2 matches found
CVE-2026-44513
A flaw was found in Diffusers, a library for pretrained diffusion models. A remote attacker could exploit a bypass in the trustremotecode mechanism within the DiffusionPipeline.frompretrained function. This vulnerability allows for arbitrary remote code execution, even when the user explicitly se...
Diffusers: TOCTOU Trust Remote Code Bypass
Background This vulnerability is found in the diffusers package - the transformers-equivalent library for diffusion models. It is found in the DiffusionPipeline.frompretrained flow, which is used to load a pipeline from the HuggingFace Hub. This function has a trustremotecode guard: if the...