apk package
chainguard/py3.11-transformers-4.56
pkg:apk/chainguard/py3.11-transformers-4.56
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-1839 | Hig | 7.8 | < 4.56.2-r2 | 4.56.2-r2 | Apr 7, 2026 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss |
- affected < 4.56.2-r2fixed 4.56.2-r2
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This iss