Platform
python
Component
smolagents
Fixed in
1.25.1
A code injection vulnerability has been discovered in huggingface smolagents versions 1.25.0.dev0 through 1.25.0.dev0. This flaw resides within the evaluateaugassign/evaluatecall/evaluatewith function of src/smolagents/localpython_executor.py, representing an incomplete fix for CVE-2025-9959. Remote attackers can exploit this vulnerability to execute arbitrary code, potentially compromising the system. A public exploit is available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-4963 allows an attacker to inject and execute arbitrary code within the context of the smolagents application. This could lead to complete system compromise, including data exfiltration, privilege escalation, and the installation of malware. Given the availability of a public exploit, the potential for widespread attacks is significant. The vulnerability's location within the Python executor suggests that attackers could target sensitive data processed by smolagents, potentially impacting any downstream systems relying on its output. The incomplete nature of the fix suggests that this vulnerability may share underlying causes with CVE-2025-9959, potentially expanding the attack surface.
This vulnerability is considered actively exploitable due to the public availability of a proof-of-concept. It was disclosed on 2026-03-27. The vendor was contacted but did not respond. The vulnerability is not currently listed on CISA KEV, but given the public exploit, it is likely to be added. The exploit's simplicity suggests a relatively low barrier to entry for attackers, increasing the likelihood of widespread exploitation.
Exploit Status
EPSS
0.01% (3% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-4963 is to upgrade to a patched version of huggingface smolagents. Unfortunately, no fixed version is currently specified. Until a patch is released, consider implementing temporary workarounds. Input validation and sanitization within the evaluateaugassign/evaluatecall/evaluate_with function can help prevent malicious code injection. Restrict network access to the smolagents application to only trusted sources. Monitor system logs for suspicious activity, particularly related to Python execution and file modifications. After upgrading (when available), confirm the fix by attempting to trigger the vulnerable function with a known malicious payload and verifying that it is properly sanitized.
Update the smolagents library to a version later than 1.25.0.dev0 that fixes the code injection (code injection) vulnerability. Consult the project repository or official documentation for the patched version and upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-4963 is a code injection vulnerability affecting huggingface smolagents versions 1.25.0.dev0–1.25.0.dev0, allowing remote attackers to execute arbitrary code.
You are affected if you are using huggingface smolagents versions 1.25.0.dev0 through 1.25.0.dev0 and have not upgraded to a patched version (currently unavailable).
Upgrade to a patched version of huggingface smolagents when available. Until then, implement input validation and restrict network access.
Yes, a public exploit exists, indicating active exploitation is likely.
Refer to the huggingface security advisories page for updates: [https://github.com/huggingface/smolagents/security/advisories](https://github.com/huggingface/smolagents/security/advisories)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.