VYPR
Critical severity9.6NVD Advisory· Published Jun 3, 2026· Updated Jun 4, 2026

CVE-2026-5241

CVE-2026-5241

Description

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust_remote_code parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when loading a LightGlue model using AutoModel.from_pretrained() with trust_remote_code=False, the LightGlueConfig reads the trust_remote_code value from the untrusted config.json file and propagates it into nested AutoConfig.from_pretrained() calls. This results in the execution of attacker-provided Python modules, even when the victim explicitly disables remote code execution. The vulnerability poses a high risk for environments such as API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to credential theft, lateral movement, or persistence/backdoor deployment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Huggingface/Transformersreferences3 versions
    (expand)+ 2 more
    • (no CPE)
    • cpe:2.3:a:huggingface:transformers:5.2.0:*:*:*:*:*:*:*
    • (no CPE)range: =5.2.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.