ZDI-CAN-27986 HIGH 7.8 Upcoming Feb 05, 2026

Hugging Face

Hugging Face is a well-known AI/ML platform that hosts machine learning models and provides collaborative tools for developers. This high-severity vulnerability (CVSS 7.8) requires local access to a system and user interaction to exploit, but no special privileges. Successful exploitation has a high impact on the confidentiality, integrity, and availability of the affected system. Security teams should monitor for updates from Hugging Face before the June 2026 deadline and assess whether their local development or deployment environments that use Hugging Face tools are at risk.

Advisory Details
Researcher: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative
Reported: February 05, 2026
Deadline: June 05, 2026 (50d)
CVSS Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
