A vulnerability in the HuggingFace Transformers library, specifically in the Trainer class, allows for arbitrary code execution. The _load_rng_state() method in src/transformers/trainer.py at line 3059 calls torch.load() without the weights_only=True parameter. This issue affects all versions of the library supporting torch>=2.2 when used with PyTorch versions below 2.6, as the safe_globals() context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as rng_state.pth, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
{
"cwe_ids": [
"CWE-502"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/1xxx/CVE-2026-1839.json",
"cna_assigner": "@huntr_ai"
}{
"cpe": [
"cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*",
"cpe:2.3:a:huggingface:transformers:5.0.0:rc0:*:*:*:*:*:*",
"cpe:2.3:a:huggingface:transformers:5.0.0:rc1:*:*:*:*:*:*",
"cpe:2.3:a:huggingface:transformers:5.0.0:rc2:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "5.0.0"
},
{
"introduced": "5.0.0-rc0"
},
{
"last_affected": "5.0.0-rc0"
},
{
"introduced": "5.0.0-rc1"
},
{
"last_affected": "5.0.0-rc1"
},
{
"introduced": "5.0.0-rc2"
},
{
"last_affected": "5.0.0-rc2"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING",
"REFERENCES"
]
}