VYPR

CWE-1066

Missing Serialization Control Element

BaseIncomplete

Description

The product contains a serializable data element that does not have an associated serialization method.

Hierarchy (View 1000)

Parents

Children

none

CVEs mapped to this weakness (1)

  • CVE-2026-4372HigMay 24, 2026
    risk 0.44cvss 7.8epss 0.00

    A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an…