CVE-2026-1839
Description
A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The _load_rng_state() method in src/transformers/trainer.py at line 3059 calls torch.load() without the weights_only=True parameter. This issue affects all versions of the library supporting torch>=2.2 when used with PyTorch versions below 2.6, as the safe_globals() context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as rng_state.pth, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
transformersPyPI | < 5.0.0rc3 | 5.0.0rc3 |
Affected products
17cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*range: <5.0.0
- cpe:2.3:a:huggingface:transformers:5.0.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:huggingface:transformers:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:huggingface:transformers:5.0.0:rc2:*:*:*:*:*:*
- osv-coords13 versionspkg:apk/chainguard/lmcache-cuda-12.8pkg:apk/chainguard/nemopkg:apk/chainguard/py3.10-transformers-4.51pkg:apk/chainguard/py3.10-transformers-4.56pkg:apk/chainguard/py3.11-transformers-4.51pkg:apk/chainguard/py3.11-transformers-4.56pkg:apk/chainguard/py3.12-transformers-4.51pkg:apk/chainguard/py3.12-transformers-4.56pkg:apk/chainguard/py3.13-transformers-4.51pkg:apk/chainguard/py3.13-transformers-4.56pkg:apk/chainguard/tritonserver-backend-vllm-cuda-13.0pkg:apk/chainguard/vllm-openai-cuda-12.9pkg:pypi/transformers
< 0.4.4-r0+ 12 more
- (no CPE)range: < 0.4.4-r0
- (no CPE)range: < 2.7.3-r1
- (no CPE)range: < 0
- (no CPE)range: < 4.56.2-r2
- (no CPE)range: < 0
- (no CPE)range: < 4.56.2-r2
- (no CPE)range: < 0
- (no CPE)range: < 4.56.2-r2
- (no CPE)range: < 0
- (no CPE)range: < 4.56.2-r2
- (no CPE)range: < 25.11-r7
- (no CPE)range: < 0.19.1-r0
- (no CPE)range: < 5.0.0rc3
Patches
Vulnerability mechanics
References
5- github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396nvdPatchWEB
- huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-69w3-r845-3855ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-1839ghsaADVISORY
- github.com/huggingface/transformers/releases/tag/v5.0.0rc3ghsaWEB
News mentions
0No linked articles in our index yet.