Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-4963

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.6CVSS6.3AI score0.00575EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 6:31 p.m.4 views

EUVD-2026-16726

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.6CVSS6.3AI score0.00575EPSS
Exploits1References8
NVD
NVD
added 2026/03/27 5:16 p.m.5 views

CVE-2026-4963

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

10CVSS0.00575EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/03/27 5:5 p.m.26 views

CVE-2026-4963 huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.5CVSS0.00575EPSS
Exploits1References7
CVE
CVE
added 2026/03/27 5:5 p.m.25 views

CVE-2026-4963

CVE-2026-4963 affects huggingface smolagents 1.25.0.dev0, specifically the LocalPythonExecutor in src/smolagents/local_python_executor.py (evaluate_augassign/evaluate_call/evaluate_with). Root cause is a code injection vulnerability that can be triggered remotely. Public exploits exist; multiple ...

10CVSS6.3AI score0.00575EPSS
Exploits1References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/19 7:21 p.m.7 views

CVE-2026-2654

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS5.4AI score0.00379EPSS
Exploits1References1
OSV
OSV
added 2026/02/18 2:16 p.m.5 views

CVE-2026-2654

A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component LocalPythonExecutor. Executing a manipulation can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been made...

9.8CVSS5.4AI score
Exploits0References5
CVE
CVE
added 2026/02/18 1:32 p.m.19 views

CVE-2026-2654

Affects huggingface smolagents 1.24.0. The LocalPythonExecutor uses requests.get/post, enabling remote SSRF via manipulation of outbound requests. Public PoC/exploit exists; vendor did not respond. Remediation not provided in the sources; no fixed version is listed for smolagents. Monitor for upd...

9.8CVSS5.4AI score0.00379EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20398

Name of the Vulnerable Software and Affected Versions huggingface smolagents version 1.24.0 Description A weakness exists in the LocalPythonExecutor component of the software. The functions requests.get and requests.post are affected, potentially leading to server-side request forgery. This issue...

9.8CVSS6.5AI score0.00379EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-22815

Malicious code in bioql PyPI...

10CVSS7.5AI score0.18654EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/07/29 10:34 a.m.16 views

CVE-2025-5120

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

10CVSS7.9AI score0.18654EPSS
Exploits1References1
OSV
OSV
added 2025/07/27 9:30 a.m.5 views

GHSA-6V92-R5MX-H5FX smolagents has Sandbox Escape Vulnerability in the local_python_executor.py Module

A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution RCE. The vulnerability stems from the localpythonexecutor.py module, which inadequately restricts Python code...

9.9CVSS7.9AI score0.18654EPSS
Exploits1References4
Rows per page
Query Builder