VYPR

apk package

chainguard/py3.10-transformers-4.56

pkg:apk/chainguard/py3.10-transformers-4.56

Vulnerabilities (1)

  • CVE-2026-1839 | High | Apr 7, 2026
    affected < 4.56.2-r2 | fixed 4.56.2-r2

    A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss