CVE-2026-5241

A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the trustremotecode parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +10915 more potentially affected by CVE-2025-14929 via transformers (>=2.10.0 <=5.8.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14929 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564275...

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3618 more potentially affected by CVE-2025-14928 via transformers (>=4.0.0 <=4.57.6)

transformers PYPI version =4.0.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14928 Source advisory:...

3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1747 more potentially affected by CVE-2025-6921 via transformers (>=4.0.0 <=4.52.4)

transformers PYPI version =4.0.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.0.1, =0.1.2 and more Source cves: CVE-2025-6921 Source advisory: SNYK:PYTHON-TRANSFORMERS-13018959...

ace-step (=0.1.0), agent-memory-jojo (=0.1.3) +164 more potentially affected by CVE-2025-3262 via transformers (>=4.49.0 <=4.50.3)

transformers PYPI version =4.49.0, =3.2.0, =2.2.0, =0.0.5, =2026.3.1, =0.1.0, =1.2.1b20250404, =1.2.1b20250404, =1.2.1b20250404, =0.1.2, =0.1.8 - azureml-metrics =0.0.25.post1 and more Source cves: CVE-2025-3262 Source advisory: SNYK:PYTHON-TRANSFORMERS-10658533...