Arbitrary Code Execution Vulnerability in HuggingFace Transformers Library
CVE-2026-1839

6.5MEDIUM

Key Information:

Vendor: Huggingface
Status: Huggingface/transformers
Vendor: CVE Published:; 7 April 2026

🔔 Create Huggingface Vulnerability Alert

What is CVE-2026-1839?

A vulnerability in the HuggingFace Transformers library's Trainer class poses a significant risk by allowing for arbitrary code execution through the _load_rng_state() method. This issue arises from an improper call to torch.load(), which does not include the weights_only=True parameter. Versions of the library compatible with torch>=2.2 and running on PyTorch versions earlier than 2.6 are susceptible. Attackers can exploit this flaw by providing a malicious checkpoint file, such as rng_state.pth, resulting in the execution of arbitrary code during the loading process. The vulnerability has been addressed in version v5.0.0rc3.

Affected Version(s)

huggingface/transformers < unspecified

References

https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c...

https://github.com/huggingface/transformers/commit/03c808...

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2026
Vulnerability Reserved
Feb 3, 2026

CVE-2026-1839 Data

JSON