CWE-1066
Missing Serialization Control Element
BaseIncomplete
Description
The product contains a serializable data element that does not have an associated serialization method.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4372 | Hig | 0.44 | 7.8 | 0.00 | May 24, 2026 | A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an… |
- risk 0.44cvss 7.8epss 0.00
A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config.json` file containing the `_attn_implementation_internal` field set to an…