5 matches found
CVE-2026-6859
A flaw was found in InstructLab. The linuxtrain.py script hardcodes trustremotecode=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model...
CVE-2026-6859
CVE-2026-6859 is a Red Hat advisory about a flaw in InstructLab where linux_train.py hardcodes trust_remote_code=True when loading models from HuggingFace. This enables arbitrary Python code execution if a user runs ilab train/download/generate with a malicious HuggingFace model, potentially lead...
PT-2026-34336
A flaw was found in InstructLab. The linux train.py script hardcodes trust remote code=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious...
Red Hat Enterprise Linux AI 安全漏洞
Red Hat Enterprise Linux AI is a Linux distribution created by the American company Red Hat for generative AI. Red Hat Enterprise Linux AI RHEL AI 3 has a security vulnerability. This vulnerability stems from the linuxtrain.py script, which loads models from HuggingFace by hardcoding...
Applio 注入漏洞
Applio is an open source AI speech conversion tool from Spanish AI Hispano. An injection vulnerability exists in Applio 3.2.8-bugfix and earlier versions, which stems from a denial of service issue in restart.py, where the modelname parameter of train.py accepts user input and passes it to the...