Bug 2455854 (CVE-2026-1839) - CVE-2026-1839 transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file
Keywords:
Status: NEW
Alias: CVE-2026-1839
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2026-04-07 06:01 UTC by OSIDB Bzimport
Modified: 2026-04-07 17:49 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-04-07 06:01:25 UTC
A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
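An audit for the call pattern named in the description, as an added example that is not part of the bug report or of the transformers code base: it parses Python source and reports every `torch.load()` call that does not pass the literal `weights_only=True`. The function name `find_unsafe_torch_load` and the sample source are constructed for illustration.

```python
import ast

# Constructed sample input; it mimics the call pattern from the description
# and is not copied from transformers.
SAMPLE = '''
import torch

def load_rng(path):
    return torch.load(path)

def load_rng_false(path):
    return torch.load(path, weights_only=False)

def load_rng_safe(path):
    return torch.load(path, weights_only=True)

def load_rng_dynamic(path, **kw):
    return torch.load(path, **kw)
'''

def find_unsafe_torch_load(source, filename="<source>"):
    """Return sorted (line, reason) pairs for torch.load calls not pinned to weights_only=True."""
    tree = ast.parse(source, filename)
    modules, funcs = set(), set()   # local names bound to torch / torch.load
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(a.asname or a.name for a in node.names if a.name == "torch")
        elif isinstance(node, ast.ImportFrom) and node.module == "torch":
            funcs.update(a.asname or a.name for a in node.names if a.name == "load")
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        via_module = (isinstance(f, ast.Attribute) and f.attr == "load"
                      and isinstance(f.value, ast.Name) and f.value.id in modules)
        via_name = isinstance(f, ast.Name) and f.id in funcs
        if not (via_module or via_name):
            continue
        value = {k.arg: k.value for k in node.keywords}.get("weights_only")
        if isinstance(value, ast.Constant) and value.value is True:
            continue  # explicitly restricted unpickler
        reason = ("weights_only not passed" if value is None
                  else "weights_only is not the literal True")
        findings.append((node.lineno, reason))
    return sorted(findings)

if __name__ == "__main__":
    for line, reason in find_unsafe_torch_load(SAMPLE):
        print(f"line {line}: {reason}")
```

A call that omits the argument is reported because its safety then depends on the installed PyTorch version, which is the condition the description calls out for versions below 2.6.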

