CVE-2026-5241

Source
https://cve.org/CVERecord?id=CVE-2026-5241
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5241.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-5241
Aliases
Published
2026-06-03T12:33:10.227Z
Modified
2026-07-15T01:49:13.455849447Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator
Summary
Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers
Details

A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the trust_remote_code parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when loading a LightGlue model using AutoModel.from_pretrained() with trust_remote_code=False, the LightGlueConfig reads the trust_remote_code value from the untrusted config.json file and propagates it into nested AutoConfig.from_pretrained() calls. This results in the execution of attacker-provided Python modules, even when the victim explicitly disables remote code execution. The vulnerability poses a high risk for environments such as API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to credential theft, lateral movement, or persistence/backdoor deployment.

Database specific
{
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-829"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5241.json"
}
References

Affected packages

Git / github.com/huggingface/transformers

Affected ranges

Type
GIT
Repo
https://github.com/huggingface/transformers
Events
Database specific
{
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "5.2.0"
        },
        {
            "last_affected": "5.2.0"
        }
    ],
    "cpe": "cpe:2.3:a:huggingface:transformers:5.2.0:*:*:*:*:*:*:*"
}

Affected versions

5.*
5.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5241.json"