Huggingface Transformers
3 CVEs affecting Huggingface Transformers. Latest disclosed: 2026-06-03. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-5241 | Critical | 9.6 | 2026-06-03 | A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitra… |
CVE-2026-4372 | High | 7.8 | 2026-05-24 | A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows… |
CVE-2026-1839 | High | 7.8 | 2026-04-07 | A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` meth… |