VYPR

Mamba

by State Spaces

Source repositories

CVEs (1)

  • CVE-2026-31239CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.00

    The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the…