Insecure Temporary File in huggingface/transformers
Description
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An insecure temporary file vulnerability in Hugging Face Transformers prior to 4.30.0 allows local privilege escalation via symlink attacks.
The vulnerability is an insecure temporary file issue in the Hugging Face Transformers library (versions prior to 4.30.0). The root cause is the use of the deprecated mktemp function for creating temporary files, which is inherently insecure because it does not atomically create the file, leaving a race window for attackers [1][4].
Exploitation is local and requires access to a user account on the system where Transformers is used. During operations that create temporary files—such as model caching or tokenizer downloads—an attacker who can predict the temporary filename can plant a symbolic link (symlink) pointing to an arbitrary file the victim can write to. When the library then writes to the insecure temporary file, it inadvertently follows the symlink and overwrites the target file [2][3].
The impact is local privilege escalation or denial of service. A successful attacker could overwrite critical system files, user configuration, or other sensitive data that the victim user has write permissions to. This can lead to arbitrary code execution in the context of the victim user or cause a system crash [2].
The issue has been patched in Transformers version 4.30.0. The fix replaces the deprecated mktemp with mkstemp, which creates temporary files securely and atomically. Users should upgrade to the latest version immediately [1][4]. No workaround is available for unpatched versions.
- GitHub - huggingface/transformers: 🤗 Transformers: the model-definition framework for state-of-the-art machine learning models in text, vision, audio, and multimodal models, for both inference and training.
- NVD - CVE-2023-2800
- advisory-database/vulns/transformers/PYSEC-2023-299.yaml at main · pypa/advisory-database
- Use `mkstemp` to replace deprecated `mktemp` by ready-research · Pull Request #23372 · huggingface/transformers
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
transformersPyPI | < 4.30.0 | 4.30.0 |
Affected products
2- huggingface/huggingface/transformersv5Range: unspecified
Patches
180ca92470938Use `mkstemp` to replace deprecated `mktemp` (#23372)
1 file changed · +1 −1
src/transformers/utils/hub.py+1 −1 modified@@ -578,7 +578,7 @@ def download_url(url, proxies=None): " that this is not compatible with the caching system (your file will be downloaded at each execution) or" " multiple processes (each process will download the file in a different temporary file)." ) - tmp_file = tempfile.mktemp() + tmp_file = tempfile.mkstemp()[1] with open(tmp_file, "wb") as f: http_get(url, f, proxies=proxies) return tmp_file
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-282v-666c-3fvgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-2800ghsaADVISORY
- github.com/huggingface/transformers/commit/80ca92470938bbcc348e2d9cf4734c7c25cb1c43ghsaWEB
- github.com/huggingface/transformers/pull/23372ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/transformers/PYSEC-2023-299.yamlghsaWEB
- huntr.dev/bounties/a3867b4e-6701-4418-8c20-3c6e7084a44aghsaWEB
News mentions
0No linked articles in our index yet.