Platform
python
Component
transformers
Fixed in
5.0.0rc3
CVE-2026-1839 is a Remote Code Execution (RCE) vulnerability discovered in the Hugging Face Transformers library. It arises from an insecure use of torch.load() within the _load_rng_state() method, allowing an attacker to potentially execute arbitrary code on the affected system. The vulnerability affects Transformers versions up to and including 5.0.0rc2 when used with PyTorch versions below 2.6. A patch is available in version 5.0.0rc3.
CVE-2026-1839 in the Hugging Face Transformers library is a critical vulnerability allowing arbitrary code execution. The root cause lies in the _load_rng_state() method (line 3059 of src/transformers/trainer.py), which calls torch.load() without the weights_only=True parameter. This omission, combined with a PyTorch version below 2.6 (with torch>=2.2), lets an attacker inject malicious code through compromised random number generator (RNG) state files. The inadequate protection offered by the safe_globals() context manager in older PyTorch versions exacerbates the risk. The potential impact includes system takeover, data theft, and unauthorized command execution, particularly in model deployment environments.
An attacker could exploit this vulnerability by crafting a malicious RNG state file containing executable Python code. Loading this file through the _load_rng_state() method of the Transformers Trainer class would execute the malicious code within the context of the model training process. This could occur if a malicious user can upload an RNG state file to a server that uses Transformers, or if an attacker compromises a development environment where models are being trained. The vulnerability is particularly concerning in machine learning environments where models are trained with data from external sources.
Exploit Status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS Vector
The recommended solution is to upgrade the Hugging Face Transformers library to version 5.0.0rc3 or higher. This version includes a fix that passes the weights_only=True parameter to torch.load(), effectively mitigating the vulnerability. Furthermore, upgrading to the latest stable PyTorch version (2.6 or higher) is advised to benefit from the enhanced security of the safe_globals() context manager. If immediate upgrading is not feasible, RNG state files should be thoroughly scanned before loading, and their integrity and origin verified. Restricting access to RNG state files to prevent unauthorized manipulation is also crucial.
Update the Hugging Face Transformers library to version 5.0.0rc3 or higher to mitigate the arbitrary code execution vulnerability. This update fixes the issue by ensuring that `torch.load()` is used safely when loading checkpoints, preventing the execution of malicious code. Consult the release notes for specific upgrade instructions.
An RNG (Random Number Generator) state file stores the internal state of a random number generator. It's used to reproduce results in machine learning experiments.
The weights_only=True parameter instructs torch.load() to unpickle only tensors and plain data objects rather than arbitrary Python objects, preventing arbitrary code execution.
Implement thorough scanning of RNG state files before loading them and restrict access to these files.
The vulnerability affects any model that uses the Trainer class and runs on a PyTorch version from 2.2 up to, but not including, 2.6.
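The pre-load scan recommended above and in the remediation section can be done statically, without executing the pickle. The following is an added example, not code from this page or from the Transformers project: it walks the opcodes of each pickle stream in a checkpoint and reports any global reference outside an allowlist. The allowlist, the zip helper standing in for torch.save()'s layout, and the two sample states are constructed for illustration.

```python
import io, json, pickle, pickletools, zipfile

# Assumed allowlist of globals an rng_state.pth legitimately needs (illustrative; PyTorch's weights_only unpickler has the authoritative list).
ALLOWED_GLOBALS = {"collections.OrderedDict", "torch._utils._rebuild_tensor_v2", "torch.ByteStorage",
                   "numpy.core.multiarray._reconstruct", "numpy.ndarray", "numpy.dtype"}
STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
GET_OPS, PUT_OPS = {"GET", "BINGET", "LONG_BINGET"}, {"PUT", "BINPUT", "LONG_BINPUT"}

def pickle_streams(blob: bytes):
    """Yield (name, pickle bytes) for each .pkl inside a torch.save() zip, or the bare pickle itself."""
    buf = io.BytesIO(blob)
    if not zipfile.is_zipfile(buf):
        yield "<raw pickle>", blob
        return
    with zipfile.ZipFile(buf) as zf:
        for name in zf.namelist():
            if name.endswith(".pkl"):
                yield name, zf.read(name)

def find_globals(data: bytes) -> list:
    """List every 'module.name' the pickle would import, by walking opcodes without executing them."""
    found, stack, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS or op.name in GET_OPS:
            last = arg if op.name in STRING_OPS else memo.get(arg)
            stack.append(last)                       # strings are what STACK_GLOBAL consumes
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in PUT_OPS:
            memo[arg] = last
        else:
            if op.name in ("GLOBAL", "INST"):        # protocol <= 3: "module name" carried in the arg
                found.append(arg.replace(" ", "."))
            elif op.name == "STACK_GLOBAL" and len(stack) >= 2:   # protocol 4+: module, name on the stack
                name, module = stack.pop(), stack.pop()
                found.append(f"{module}.{name}")
            last = None
    return found

def scan_rng_state(blob: bytes) -> list:
    """Return the disallowed global references in a checkpoint; an empty list means nothing to refuse."""
    return [f"{name}: {g}" for name, data in pickle_streams(blob)
            for g in find_globals(data) if g not in ALLOWED_GLOBALS]

def make_zip_checkpoint(obj) -> bytes:  # constructed stand-in for torch.save()'s zip layout
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=4))
    return buf.getvalue()
# Constructed samples: a benign RNG state, and one referencing a callable outside the allowlist (json.dumps is harmless; it is flagged because an RNG state has no reason to import it).
CLEAN_STATE = make_zip_checkpoint({"python": (3, tuple(range(624)), None), "cuda": [7]})
TAINTED_STATE = make_zip_checkpoint({"python": json.dumps})
```

A non-empty result from scan_rng_state() is the signal to refuse the file before it ever reaches torch.load(); on PyTorch 2.6 or later, weights_only=True performs the equivalent check at load time.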
Refer to the Hugging Face security advisory and the PyTorch documentation for further details.