Arbitrary Code Execution Vulnerability in Stanza NLP Python Library
CVE-2026-54499
7.5HIGH
What is CVE-2026-54499?
Stanza, a popular NLP library developed by Stanford, is susceptible to an arbitrary code execution vulnerability due to improper handling of model file loading. Specifically, versions prior to 1.12.2 allow attackers to exploit 'pickle' errors in model loaders, leading to unwanted execution of potentially malicious code embedded within the model files. It is essential for users of Stanza to upgrade to version 1.12.2 or later to mitigate this security risk.
Affected Version(s)
stanza < 1.12.2
