Lucene search
+L

8 matches found

osv
osv
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-406 mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.10 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS5.8AI score0.00409EPSS
Exploits0References1
euvd
euvd
added 2026/05/12 6:30 p.m.8 views

EUVD-2026-29562

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

6.1AI score0.00409EPSS
Exploits0References3
osv
osv
added 2026/05/12 6:30 p.m.8 views

GHSA-PQ2F-X424-6FJM mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References3
github
github
added 2026/05/12 6:30 p.m.13 views

mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2026/05/12 12:0 a.m.35 views

CVE-2026-31239

The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization CWE-502 when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.frompretrained method uses torch.load to load the pytorchmodel.bin weight file without enabling the security-restrictive...

0.00409EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/12 12:0 a.m.12 views

PT-2026-40126

Name of the Vulnerable Software and Affected Versions mamba versions prior to 2.2.7 Description Insecure deserialization occurs when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from pretrained function uses torch.load to load the pytorch model.bin weight file without...

9.8CVSS6.2AI score0.00409EPSS
Exploits0References7
cve
cve
added 2026/05/12 12:0 a.m.23 views

CVE-2026-31239

The CVE-2026-31239 entry concerns the Mamba language model framework up to version 2.2.6. The issue is insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file...

9.8CVSS6.1AI score0.00409EPSS
Exploits0References2
Rows per page
Query Builder