41 matches found
PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
CVE-2026-31239
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
EUVD-2026-29562
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
ebes (>=0.0.0 <=0.0.3), helical (>=0.0.1a8 <=0.0.1a9) +2 more potentially affected by CVE-2026-31239 via mamba-ssm (>=1.0.1 <=2.2.5)
mamba-ssm PYPI version =1.0.1, =0.0.0, =0.0.1a8, =1.0.0, =1.2.0 - ml-trainer-sdk =0.1.0 Source cves: CVE-2026-31239 Source advisory: OSV:GHSA-PQ2F-X424-6FJM...
mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
CVE-2026-31239
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
CVE-2026-31239
The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...
Mamba 安全漏洞
Mamba is a state-space model for linear time series modeling, open-sourced by State-Spaces. Versions of Mamba 2.2.6 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the MambaLMHeadModel.frompretrained method, which used torch.load to load weight files without...
PT-2026-40126
Name of the Vulnerable Software and Affected Versions mamba versions prior to 2.2.7 Description Insecure deserialization occurs when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained function uses torch.load to load the pytorch model.bin weight file without...
CVE-2026-31239
The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...
CVE-2026-7141
A flaw was found in vllm. A remote attacker can exploit a vulnerability in the hasmambalayers function within the KV Block Handler component. By performing a specific manipulation, an uninitialized resource can be triggered, potentially leading to information disclosure or denial of service. The...
vLLM makes Use of Uninitialized Resource
A vulnerability was found in vLLM up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...
Use of Uninitialized Resource
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Use of Uninitialized Resource via the hasmambalayers function in the KV Block Handler. An attacker can cause unintended behavior by leaking data...
CVE-2026-7141
A vulnerability was found in vllm up to 0.19.0. The affected element is the function hasmambalayers of the file vllm/v1/kvcacheinterface.py of the component KV Block Handler. Performing a manipulation results in uninitialized resource. It is possible to initiate the attack remotely. The attack is...
CVE-2026-7141
CVE-2026-7141 affects vllm up to 0.19.0, specifically the KV Block Handler’s has_mamba_layers function in vllm/v1/kv_cache_interface.py. A manipulation can trigger an uninitialized resource, with remote initiation possible. The issue is described as high complexity and difficult exploitability, w...
Jailbreaking Leaves a Trace: Understanding and Detecting Jailbreak Attacks from Internal Representations of Large Language Models
Jailbreaking large language models LLMs has emerged as a critical security challenge with the widespread deployment of conversational AI systems. Adversarial users exploit these models through carefully crafted prompts to elicit restricted or unsafe outputs, a phenomenon commonly referred to as...
5gasp-cli (>=0.1.0 <=0.4.0), ablator (=0.0.1b3) +348 more potentially affected by CVE-2026-22702 via virtualenv (>=12.1.1 <=20.35.4)
virtualenv PYPI version =12.1.1, =0.1.0, =2.0.1, =0.0.2, =0.1.0, =0.0.1a0, =0.2.0, =0.6.1.91, =1.5.0, =2024.7.4, =0.8.3b20230820, =0.8.3b20231012, =1.0.1b20240404 and more Source cves: CVE-2026-22702 Source advisory: OSV:GHSA-597G-3PHW-6986...
EUVD-2014-5692
Malware in sbrugna...
Towards Reliable and Practical LLM Security Evaluations Via Bayesian Modelling
Before adopting a new large language model LLM architecture, it is critical to understand vulnerabilities accurately. Existing evaluations can be difficult to trust, often drawing conclusions from LLMs that are not meaningfully comparable, relying on heuristic inputs or employing metrics that fai...