Arbitrary Code Execution Vulnerability in HuggingFace Transformers Library

CVE-2026-1839

What is CVE-2026-1839?

CVE-2026-1839 is a critical vulnerability found in the HuggingFace Transformers library, specifically within the Trainer class. This open-source library is widely used for building and deploying machine learning models, especially in natural language processing. The vulnerability arises from the _load_rng_state() method in the library, which improperly calls the torch.load() function without the necessary weights_only=True parameter. This oversight presents a serious risk, as it allows attackers to exploit the system by providing a malicious checkpoint file, thereby executing arbitrary code when loaded. Affected versions of this library support PyTorch version 2.2 and above but not earlier ones, leaving many installations at risk if they rely on the flawed functionality. The significance of this vulnerability is heightened by the fact that it can be exploited in environments that utilize the library for production ML applications, potentially leading to severe consequences for organizations in terms of data integrity and system security.

Potential impact of CVE-2026-1839

1. Arbitrary Code Execution: The most critical impact of CVE-2026-1839 is the potential for arbitrary code execution. Attackers can execute malicious code on a server where the library is implemented, leading to full system compromise and unauthorized access to sensitive data and resources.

2. Integrity of Machine Learning Models: Given that HuggingFace Transformers is widely employed in machine learning applications, an exploit of this vulnerability could compromise the integrity of the models being created or deployed. This could lead to incorrect predictions, biased algorithms, or manipulation of outputs in applications reliant on these models.

3. Security Breaches and Data Theft: The ability to execute arbitrary code may facilitate further attacks or propagation of malware within the organizational infrastructure. This poses a direct threat to data security, potentially leading to extensive data breaches, theft of intellectual property, and loss of customer trust.

References