1.25.1
A code injection vulnerability has been discovered in huggingface smolagents versions 1.25.0.dev0 through 1.25.0.dev0. This flaw resides within the evaluate_augassign/evaluate_call/evaluate_with functions of src/smolagents/local_python_executor.py, representing an incomplete fix for CVE-2025-9959. Remote attackers can exploit this vulnerability to execute arbitrary code, potentially compromising the system. A public exploit is available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-4963 allows an attacker to inject and execute arbitrary code within the context of the smolagents application. This could lead to complete system compromise, including data exfiltration, privilege escalation, and the installation of malware. Given the availability of a public exploit, the potential for widespread attacks is significant. The vulnerability's location within the Python executor suggests that attackers could target sensitive data processed by smolagents, potentially impacting any downstream systems relying on its output. The incomplete nature of the fix suggests that this vulnerability may share underlying causes with CVE-2025-9959, potentially expanding the attack surface.
This vulnerability is considered actively exploitable due to the public availability of a proof-of-concept. It was disclosed on 2026-03-27. The vendor was contacted but did not respond. The vulnerability is not currently listed on CISA KEV, but given the public exploit, it is likely to be added. The exploit's simplicity suggests a relatively low barrier to entry for attackers, increasing the likelihood of widespread exploitation.
Organizations utilizing huggingface smolagents in production environments, particularly those processing sensitive data or integrating with other critical systems, are at significant risk. Systems running older, unpatched versions of smolagents are especially vulnerable. Users relying on smolagents for automated tasks or decision-making processes are also at increased risk, as successful exploitation could lead to malicious actions being performed without their knowledge.
• python / local_python_executor.py: Monitor Python processes for unusual activity, especially those executing code from src/smolagents/local_python_executor.py. Use ps or top to identify suspicious processes.
    ps aux | grep 'local_python_executor.py'
• python / supply-chain: Check for unusual imports or function calls within the evaluate_augassign/evaluate_call/evaluate_with functions. Examine the smolagents dependencies for vulnerabilities using pip-audit.
    pip-audit
• generic web: Monitor web server access logs for requests targeting local_python_executor.py with unusual parameters.
    grep 'local_python_executor.py' access.log
Exploitation status
EPSS: 0.01% (3% percentile)
The primary mitigation for CVE-2026-4963 is to upgrade to a patched version of huggingface smolagents. Unfortunately, no fixed version is currently specified. Until a patch is released, consider implementing temporary workarounds. Input validation and sanitization within the evaluate_augassign/evaluate_call/evaluate_with functions can help prevent malicious code injection. Restrict network access to the smolagents application to only trusted sources. Monitor system logs for suspicious activity, particularly related to Python execution and file modifications. After upgrading (when available), confirm the fix by attempting to trigger the vulnerable function with a known malicious payload and verifying that it is properly sanitized.
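Update the smolagents library to a version later than 1.25.0.dev0 to fix the code injection vulnerability. Consult the project repository or official documentation for the fixed version and update instructions.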
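One way to apply the input-validation workaround described above before code reaches the executor, as an added example that is not smolagents code or part of the original advisory. It assumes each function named in the advisory handles the AST node type its name suggests; the `screen` helper and the deny/audit policy are hypothetical, and the sample inputs are constructed.

```python
import ast

# Assumption: each function named in the advisory handles the AST node type
# its name suggests. The advisory does not describe the triggering input,
# so the screen is coarse: avoidable constructs are denied, calls are audited.
DENY = {ast.AugAssign: "evaluate_augassign", ast.With: "evaluate_with"}
AUDIT = {ast.Call: "evaluate_call"}


def screen(code: str):
    """Return (allowed, findings) for one snippet of agent-generated code.

    findings is a list of (action, function, line, source_text) tuples.
    """
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        # Code that does not parse is never forwarded to the executor.
        return False, [("deny", "parse", exc.lineno or 0, exc.msg)]
    findings = []
    for node in ast.walk(tree):
        for table, action in ((DENY, "deny"), (AUDIT, "audit")):
            func = table.get(type(node))
            if func:
                text = ast.unparse(node).splitlines()[0]
                findings.append((action, func, node.lineno, text))
    findings.sort(key=lambda f: f[2])  # stable sort: report in line order
    allowed = not any(f[0] == "deny" for f in findings)
    return allowed, findings


# Constructed sample inputs (ordinary code, not taken from any exploit).
SAMPLES = {
    "augassign": "total = 0\nfor n in [1, 2]:\n    total += n\n",
    "with": "with open('notes.txt') as fh:\n    data = fh.read()\n",
    "calls_only": "total = sum([1, 2])\nprint(total)\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        ok, found = screen(src)
        print(name, "ALLOW" if ok else "DENY")
        for action, func, line, text in found:
            print(f"  {action:5} {func} line {line}: {text}")
```

Denied snippets can be rewritten without `+=` or `with` and resubmitted; the audit entries give a per-call log line to review or alert on.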
CVE-2026-4963 is a code injection vulnerability affecting huggingface smolagents versions 1.25.0.dev0–1.25.0.dev0, allowing remote attackers to execute arbitrary code.
You are affected if you are using huggingface smolagents versions 1.25.0.dev0 through 1.25.0.dev0 and have not upgraded to a patched version (currently unavailable).
Upgrade to a patched version of huggingface smolagents when available. Until then, implement input validation and restrict network access.
Yes, a public exploit exists, indicating active exploitation is likely.
Refer to the huggingface security advisories page for updates: [https://github.com/huggingface/smolagents/security/advisories](https://github.com/huggingface/smolagents/security/advisories)