Arbitrary Code Execution Vulnerability in Hugging Face Transformers Product
CVE-2026-5241
What is CVE-2026-5241?
A vulnerability exists in the model loading path of Hugging Face's Transformers version 5.2.0, specifically within the LightGlue model. This flaw enables an attacker-controlled model repository to execute arbitrary code upon model initialization. The issue stems from the unreliable trust_remote_code parameter, which is meant to safeguard against remote code execution. Unfortunately, it is susceptible to being overridden by untrusted serialized configuration data in a nested code execution path. When using AutoModel.from_pretrained() with trust_remote_code=False, the LightGlueConfig incorrectly interprets the trust_remote_code setting from the untrusted config.json file, thereby allowing the execution of malicious Python modules. This vulnerability poses significant risks, particularly in environments like API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to scenarios such as credential theft, lateral movement, or unauthorized persistence/backdoor deployment.
Affected Version(s)
huggingface/transformers < 5.5.0
