Redhat Instructlab
2 CVEs affecting Redhat Instructlab. Latest disclosed: 2026-04-22. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-6859 | High | 8.8 | 2026-04-22 | A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote atta… |
CVE-2026-6855 | High | 7.1 | 2026-04-22 | A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` param… |