Hugging Face Transformers 5.0.0 Release Candidate 2
Approved changes feed: RSS · Atom
cpe:2.3:a:huggingface:transformers:5.0.0:rc2:*:*:*:*:*:*
part: a version: 5.0.0 update: rc2
| Vendor | Huggingface (99e96d05-83c7-5fa6-87a0-b60fade6cd99) |
|---|---|
| Product | Transformers (b4ce00f1-117d-532e-8476-9985a60eef6e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/huggingface/transformers |
purl2cpe | 2026-06-01 10:17:04.507286 |
pkg:pypi/transformers |
purl2cpe | 2026-06-01 10:17:04.507288 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1839 |
vulnerable | 2026-06-08 07:49:09.741542 |
Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers
MEDIUM (6.5)
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
Published: 2026-04-07T05:22:00.959Z
Updated: 2026-04-07T13:27:41.789Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.