2 matches found
CVE-2026-6859
CVE-2026-6859 is a Red Hat advisory about a flaw in InstructLab where linux_train.py hardcodes trust_remote_code=True when loading models from HuggingFace. This enables arbitrary Python code execution if a user runs ilab train/download/generate with a malicious HuggingFace model, potentially lead...
CVE-2026-6855
CVE-2026-6855 affects InstructLab. A path traversal flaw in the chat session handler can be triggered by manipulating the logs_dir parameter, enabling a local attacker to create directories and write files to arbitrary system locations, potentially causing data modification or disclosure. The iss...