GHSA-rxpq-xgqx-fr7p
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rxpq-xgqx-fr7p
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-rxpq-xgqx-fr7p/GHSA-rxpq-xgqx-fr7p.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rxpq-xgqx-fr7p
- Aliases
-
- CVE-2026-6859
- Published
- 2026-04-22T15:31:45Z
- Modified
- 2026-05-05T16:11:20.877550Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- InstructLab Includes Functionality from Untrusted Control Sphere
- Details
-
A flaw was found in InstructLab. The
linux_train.pyscript hardcodestrust_remote_code=Truewhen loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to runilab train/download/generatewith a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise. - Database specific
{ "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2026-04-29T22:08:37Z", "cwe_ids": [ "CWE-829" ], "nvd_published_at": "2026-04-22T14:17:07Z" }- References
Affected packages
PyPI / instructlab
Package
- Name
- instructlab
- View open source insights on deps.dev
- Purl
- pkg:pypi/instructlab
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.26.1
Affected versions
0.*
0.14.0
0.15.1
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.18.0a1
0.18.0a2
0.18.0a3
0.18.0a4
0.18.0a5
0.18.0a6
0.18.0a7
0.18.0b1
0.18.0b2
0.18.0b3
0.18.0b4
0.18.0b5
0.18.0b6
0.18.0rc1
0.18.0rc2
0.18.0rc3
0.18.0rc4
0.18.0rc5
0.18.0rc6
0.18.0rc7
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.19.0a1
0.19.0b1
0.19.0rc1
0.19.0
0.19.1
0.19.2
0.19.3
0.19.4
0.19.5
0.20.0a1
0.20.0a2
0.20.0
0.20.1
0.21.0a0
0.21.0a1
0.21.0
0.21.1
0.21.2
0.22.0
0.22.1
0.22.2
0.23.0a0
0.23.0rc0
0.23.0
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.24.0
0.24.1
0.24.2a0
0.24.2
0.24.3
0.25
0.26.0a1
0.26.0
0.26.1