Platform: python
Component: smolagents
Fixed in: 1.25.1
A code injection vulnerability has been discovered in huggingface smolagents versions 1.25.0.dev0 through 1.25.0.dev0. This flaw resides within the evaluate_augassign/evaluate_call/evaluate_with functions of src/smolagents/local_python_executor.py, representing an incomplete fix for CVE-2025-9959. Remote attackers can exploit this vulnerability to execute arbitrary code, potentially compromising the system. A public exploit is available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-4963 allows an attacker to inject and execute arbitrary code within the context of the smolagents application. This could lead to complete system compromise, including data exfiltration, privilege escalation, and the installation of malware. Given the availability of a public exploit, the potential for widespread attacks is significant. The vulnerability's location within the Python executor suggests that attackers could target sensitive data processed by smolagents, potentially impacting any downstream systems relying on its output. The incomplete nature of the fix suggests that this vulnerability may share underlying causes with CVE-2025-9959, potentially expanding the attack surface.
This vulnerability is considered actively exploitable due to the public availability of a proof-of-concept. It was disclosed on 2026-03-27. The vendor was contacted but did not respond. The vulnerability is not currently listed on CISA KEV, but given the public exploit, it is likely to be added. The exploit's simplicity suggests a relatively low barrier to entry for attackers, increasing the likelihood of widespread exploitation.
Organizations utilizing huggingface smolagents in production environments, particularly those processing sensitive data or integrating with other critical systems, are at significant risk. Systems running older, unpatched versions of smolagents are especially vulnerable. Users relying on smolagents for automated tasks or decision-making processes are also at increased risk, as successful exploitation could lead to malicious actions being performed without their knowledge.
• python / local_python_executor.py: Monitor Python processes for unusual activity, especially those executing code from src/smolagents/local_python_executor.py. Use ps or top to identify suspicious processes.
ps aux | grep 'local_python_executor.py'
• python / supply-chain: Check for unusual imports or function calls within the evaluate_augassign/evaluate_call/evaluate_with functions. Examine the smolagents dependencies for vulnerabilities using pip-audit.
pip-audit
• generic web: Monitor web server access logs for requests targeting local_python_executor.py with unusual parameters.
grep 'local_python_executor.py' access.log
EPSS: 0.01% (3rd percentile)
The primary mitigation for CVE-2026-4963 is to upgrade to a patched version of huggingface smolagents. Unfortunately, no fixed version is currently specified. Until a patch is released, consider implementing temporary workarounds. Input validation and sanitization within the evaluate_augassign/evaluate_call/evaluate_with functions can help prevent malicious code injection. Restrict network access to the smolagents application to only trusted sources. Monitor system logs for suspicious activity, particularly related to Python execution and file modifications. After upgrading (when available), confirm the fix by attempting to trigger the vulnerable function with a known malicious payload and verifying that it is properly sanitized.
Update the smolagents library to a version later than 1.25.0.dev0 that fixes the code injection vulnerability. Consult the project repository or the official documentation for the corrected version and the update instructions.
CVE-2026-4963 is a code injection vulnerability affecting huggingface smolagents versions 1.25.0.dev0–1.25.0.dev0, allowing remote attackers to execute arbitrary code.
You are affected if you are using huggingface smolagents versions 1.25.0.dev0 through 1.25.0.dev0 and have not upgraded to a patched version (currently unavailable).
Upgrade to a patched version of huggingface smolagents when available. Until then, implement input validation and restrict network access.
Yes, a public exploit exists, indicating active exploitation is likely.
Refer to the huggingface security advisories page for updates: [https://github.com/huggingface/smolagents/security/advisories](https://github.com/huggingface/smolagents/security/advisories)