EUVD-2026-19573

CVE-2026-1839 (MEDIUM)
2026-04-07 @huntr_ai GHSA-69w3-r845-3855
CVSS 3.0 base score: 6.5

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: High

Lifecycle Timeline

Patch Released: Apr 08, 2026 02:30 (nvd). Patch available.
EUVD ID Assigned: Apr 07, 2026 05:30 (euvd). EUVD-2026-19573.
Analysis Generated: Apr 07, 2026 05:30 (vuln.today).
CVE Published: Apr 07, 2026 05:22 (nvd). Severity MEDIUM, score 6.5.

Description

A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.

Analysis

Remote code execution in HuggingFace Transformers library allows arbitrary code execution via malicious checkpoint files. The `_load_rng_state()` method in the `Trainer` class calls `torch.load()` without the `weights_only=True` parameter, enabling deserialization attacks when PyTorch versions below 2.6 are used with torch>=2.2. …
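The Description and Analysis above describe the same defect: `torch.load()` called on a checkpoint file without `weights_only=True`, so an untrusted `rng_state.pth` is fed to the full pickle machinery. The block below is an added example written for this page; it is not code from the vuln.today record, from huntr, or from the Transformers project. It shows the defender-side view of the bug: a scanner that lists every global a checkpoint would import, using `pickletools` so the file is parsed but never unpickled, plus a loader that rejects the file if anything outside an allowlist appears and otherwise calls `torch.load(..., weights_only=True)`. The allowlist, the fixture builder, and the `archive/data.pkl` member name are assumptions made for the example; the real set of globals an RNG-state checkpoint needs should be taken from what your own `torch.save` output contains.

```python
"""Added example (not the page's or the project's code): scan a checkpoint for
the globals it would import before any unpickling, then load it hardened."""
import collections
import io
import pickle
import pickletools
import zipfile

# Assumption: globals an rng_state.pth legitimately needs. Derive the real list
# from a checkpoint your own pipeline wrote, then keep it as tight as possible.
RNG_STATE_ALLOWLIST = frozenset({
    ("collections", "OrderedDict"),
    ("torch", "ByteStorage"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
    ("numpy.core.multiarray", "_reconstruct"),
})

# Opcodes that push a str onto the pickle stack; STACK_GLOBAL (protocol 4+)
# takes its module and name from the two most recent of these.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "SHORT_BINSTRING", "BINSTRING"}


def referenced_globals(pickle_bytes: bytes) -> list:
    """Every (module, name) the stream would import, found by walking opcodes.
    pickletools.genops only parses; untrusted data is never executed here.
    Caveat: a stream that fetches the module string back via BINGET/MEMOIZE
    would need a full stack simulation; such a STACK_GLOBAL is reported as
    unresolved so it still fails the allowlist check."""
    found = []
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(pickle_bytes):
        if opcode.name in _STRING_OPS:
            recent_strings.append(arg)
        elif opcode.name == "GLOBAL":            # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":      # protocol >= 4
            if len(recent_strings) < 2:
                found.append(("<unresolved>", "<unresolved>"))
            else:
                found.append((recent_strings[-2], recent_strings[-1]))
    return found


def extract_data_pickle(checkpoint_bytes: bytes) -> bytes:
    """torch.save writes a zip whose '<prefix>/data.pkl' member is the pickle
    (assumption: member name ends in data.pkl). Anything not starting with the
    zip magic is treated as one bare pickle stream."""
    if checkpoint_bytes[:2] != b"PK":
        return checkpoint_bytes
    with zipfile.ZipFile(io.BytesIO(checkpoint_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith("data.pkl"):
                return zf.read(member)
    raise ValueError("zip checkpoint has no data.pkl member")


def disallowed_globals(checkpoint_bytes: bytes, allowlist=RNG_STATE_ALLOWLIST) -> set:
    """Globals the checkpoint references that are not on the allowlist."""
    return {g for g in referenced_globals(extract_data_pickle(checkpoint_bytes))
            if g not in allowlist}


def load_rng_state_safely(path: str):
    """Hardened counterpart of the vulnerable torch.load(path) call: refuse the
    file if the scan finds an unexpected global, then load with
    weights_only=True so PyTorch's restricted unpickler is the second line."""
    with open(path, "rb") as fh:
        data = fh.read()
    bad = disallowed_globals(data)
    if bad:
        raise ValueError(f"refusing {path}: unexpected globals {sorted(bad)}")
    import torch  # lazy import: the scanner itself needs no torch
    return torch.load(io.BytesIO(data), weights_only=True)


def make_demo_checkpoint(obj) -> bytes:
    """Constructed fixture: a zip in the torch.save layout with obj as data.pkl."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=4))
        zf.writestr("archive/version", "3\n")
    return buf.getvalue()


def demo_benign_checkpoint() -> bytes:
    """Constructed: plain containers and bytes, which import nothing."""
    return make_demo_checkpoint({"cpu": b"\x01\x02\x03", "cuda": [1, 2, 3]})


def demo_allowlisted_checkpoint() -> bytes:
    """Constructed: references collections.OrderedDict, which is allowlisted."""
    return make_demo_checkpoint(collections.OrderedDict(cpu=b"\x00"))


def demo_suspicious_checkpoint() -> bytes:
    """Constructed: references a callable outside the allowlist. builtins.print
    is a harmless stand-in for whatever a hostile file would point at."""
    return make_demo_checkpoint({"hook": print})


def demo_legacy_pickle() -> bytes:
    """Constructed: a bare protocol-2 stream, exercising the GLOBAL opcode path."""
    return pickle.dumps(collections.OrderedDict(), protocol=2)
```

Run `disallowed_globals()` over a checkpoint before it reaches any loader; an empty set means every import the file would trigger is one you expected, and `load_rng_state_safely()` then adds `weights_only=True` so that even an allowlist mistake is caught by PyTorch's restricted unpickler. The scan is deliberately opcode-level: it never calls `pickle.load`, so it is safe to run on quarantined files.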


Priority Score: 33
KEV: 0
EPSS: +0.0
CVSS: +32
POC: 0

Vendor Status


EUVD-2026-19573 vulnerability details – vuln.today
