Arbitrary Code Execution Vulnerability in Hugging Face Transformers Product
CVE-2026-5241

8HIGH

Key Information:

Vendor
CVE Published:
3 June 2026

What is CVE-2026-5241?

A vulnerability exists in the model loading path of Hugging Face's Transformers version 5.2.0, specifically within the LightGlue model. This flaw enables an attacker-controlled model repository to execute arbitrary code upon model initialization. The issue stems from the unreliable trust_remote_code parameter, which is meant to safeguard against remote code execution. Unfortunately, it is susceptible to being overridden by untrusted serialized configuration data in a nested code execution path. When using AutoModel.from_pretrained() with trust_remote_code=False, the LightGlueConfig incorrectly interprets the trust_remote_code setting from the untrusted config.json file, thereby allowing the execution of malicious Python modules. This vulnerability poses significant risks, particularly in environments like API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to scenarios such as credential theft, lateral movement, or unauthorized persistence/backdoor deployment.

Affected Version(s)

huggingface/transformers < 5.5.0

References

CVSS V3.0

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.