High severity7.8NVD Advisory· Published Apr 7, 2026· Updated Apr 28, 2026

CVE-2026-1839

Description

A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The _load_rng_state() method in src/transformers/trainer.py at line 3059 calls torch.load() without the weights_only=True parameter. This issue affects all versions of the library supporting torch>=2.2 when used with PyTorch versions below 2.6, as the safe_globals() context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as rng_state.pth, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
transformersPyPI	< 5.0.0rc3	5.0.0rc3

Affected products

Huggingface/Transformers4 versions
cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*range: <5.0.0
- cpe:2.3:a:huggingface:transformers:5.0.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:huggingface:transformers:5.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:huggingface:transformers:5.0.0:rc2:*:*:*:*:*:*

Patches

03c8082ba459

Fix unsafe torch.load() in _load_rng_state allowing arbitrary code execution (#43140)

https://github.com/huggingface/transformersCole MurrayJan 12, 2026via ghsa

commit

1 file changed · +2 −1

src/transformers/trainer.py+2 −1 modified

@@ -3056,7 +3056,8 @@ def _load_rng_state(self, checkpoint):
                 return
 
         with safe_globals():
-            checkpoint_rng_state = torch.load(rng_file)
+            check_torch_load_is_safe()
+            checkpoint_rng_state = torch.load(rng_file, weights_only=True)
         random.setstate(checkpoint_rng_state["python"])
         np.random.set_state(checkpoint_rng_state["numpy"])
         torch.random.set_rng_state(checkpoint_rng_state["cpu"])

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396nvdPatchWEB
huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485nvdExploitThird Party AdvisoryWEB
github.com/advisories/GHSA-69w3-r845-3855ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2026-1839ghsaADVISORY
github.com/huggingface/transformers/releases/tag/v5.0.0rc3ghsaWEB

News mentions

What Anthropic’s Mythos Means for the Future of Cybersecurity
Schneier on Security · Apr 28, 2026

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000