GHSA-69w3-r845-3855

Source
https://github.com/advisories/GHSA-69w3-r845-3855
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69w3-r845-3855/GHSA-69w3-r845-3855.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-69w3-r845-3855
Aliases
  • CVE-2026-1839
Related
Published
2026-04-07T06:30:28Z
Modified
2026-04-17T09:29:13.498050193Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H
Summary
HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class
Details

A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. This issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, as the `safe_globals()` context manager provides no protection in these versions. An attacker can exploit this vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which can execute arbitrary code when loaded. The issue is resolved in version v5.0.0rc3.
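As an added illustration (not part of the advisory and not code from the transformers project), the following stdlib-only audit flags the pattern described above: `torch.load()` calls that are not pinned to `weights_only=True`, plus a check of whether the installed PyTorch version's default would cover an omitted argument. The `SAMPLE` source is constructed for the example and only imitates the shape of the loader; it assumes `torch` is imported under its usual name.

```python
import ast

# Sample source constructed for this example; it imitates the shape the advisory
# describes (a loader for rng_state.pth) and is not the real trainer.py code.
SAMPLE = '''\
import torch
def _load_rng_state(checkpoint_dir):                     # vulnerable: no weights_only
    return torch.load(checkpoint_dir + "/rng_state.pth", map_location="cpu")
def _load_rng_state_fixed(checkpoint_dir):               # hardened: restricted unpickler
    return torch.load(checkpoint_dir + "/rng_state.pth", map_location="cpu", weights_only=True)
'''

def find_unsafe_torch_loads(source: str) -> list[tuple[int, str]]:
    """Return (line, reason) for every torch.load(...) call that is not pinned
    to weights_only=True. Assumes torch is imported under its usual name."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        fn = node.func
        if not (isinstance(fn, ast.Attribute) and fn.attr == "load"
                and isinstance(fn.value, ast.Name) and fn.value.id == "torch"):
            continue
        kwargs = {kw.arg: kw.value for kw in node.keywords if kw.arg}
        if "weights_only" not in kwargs:
            findings.append((node.lineno, "weights_only omitted (unrestricted pickle on torch<2.6)"))
        else:
            val = kwargs["weights_only"]
            if not (isinstance(val, ast.Constant) and val.value is True):
                findings.append((node.lineno, "weights_only is not the literal True"))
    return findings

def torch_default_is_safe(torch_version: str) -> bool:
    """PyTorch 2.6 made weights_only=True the default for torch.load; on older
    versions an omitted argument means a full pickle load, and safe_globals()
    does not help (the advisory's point). Accepts strings like '2.5.1+cu121'."""
    major, minor = (int(part) for part in torch_version.split(".")[:2])
    return (major, minor) >= (2, 6)

if __name__ == "__main__":
    for line, reason in find_unsafe_torch_loads(SAMPLE):
        print(f"line {line}: {reason}")
    print("torch 2.5.1 default safe?", torch_default_is_safe("2.5.1+cu121"))
```

Run the scanner over a checkout of the library (or any training code) and treat a finding on an older PyTorch as the condition the advisory describes; an explicit `weights_only=False` is flagged on every version.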

Database specific
{
    "severity": "MODERATE",
    "github_reviewed": true,
    "nvd_published_at": "2026-04-07T06:16:41Z",
    "cwe_ids": [
        "CWE-502"
    ],
    "github_reviewed_at": "2026-04-08T00:17:56Z"
}
References

Affected packages

PyPI / transformers

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
5.0.0rc3

Affected versions

0.*
0.1
2.*
2.0.0
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.4.0
2.4.1
2.5.0
2.5.1
2.6.0
2.7.0
2.8.0
2.9.0
2.9.1
2.10.0
2.11.0
3.*
3.0.0
3.0.1
3.0.2
3.1.0
3.2.0
3.3.0
3.3.1
3.4.0
3.5.0
3.5.1
4.*
4.0.0rc1
4.0.0
4.0.1
4.1.0
4.1.1
4.2.0
4.2.1
4.2.2
4.3.0rc1
4.3.0
4.3.1
4.3.2
4.3.3
4.4.0
4.4.1
4.4.2
4.5.0
4.5.1
4.6.0
4.6.1
4.7.0
4.8.0
4.8.1
4.8.2
4.9.0
4.9.1
4.9.2
4.10.0
4.10.1
4.10.2
4.10.3
4.11.0
4.11.1
4.11.2
4.11.3
4.12.0
4.12.1
4.12.2
4.12.3
4.12.4
4.12.5
4.13.0
4.14.0
4.14.1
4.15.0
4.16.0
4.16.1
4.16.2
4.17.0
4.18.0
4.19.0
4.19.1
4.19.2
4.19.3
4.19.4
4.20.0
4.20.1
4.21.0
4.21.1
4.21.2
4.21.3
4.22.0
4.22.1
4.22.2
4.23.0
4.23.1
4.24.0
4.25.0
4.25.1
4.26.0
4.26.1
4.27.0
4.27.1
4.27.2
4.27.3
4.27.4
4.28.0
4.28.1
4.29.0
4.29.1
4.29.2
4.30.0
4.30.1
4.30.2
4.31.0
4.32.0
4.32.1
4.33.0
4.33.1
4.33.2
4.33.3
4.34.0
4.34.1
4.35.0
4.35.1
4.35.2
4.36.0
4.36.1
4.36.2
4.37.0
4.37.1
4.37.2
4.38.0
4.38.1
4.38.2
4.39.0
4.39.1
4.39.2
4.39.3
4.40.0
4.40.1
4.40.2
4.41.0
4.41.1
4.41.2
4.42.0
4.42.1
4.42.2
4.42.3
4.42.4
4.43.0
4.43.1
4.43.2
4.43.3
4.43.4
4.44.0
4.44.1
4.44.2
4.45.0
4.45.1
4.45.2
4.46.0
4.46.1
4.46.2
4.46.3
4.47.0
4.47.1
4.48.0
4.48.1
4.48.2
4.48.3
4.49.0
4.50.0
4.50.1
4.50.2
4.50.3
4.51.0
4.51.1
4.51.2
4.51.3
4.52.0
4.52.1
4.52.2
4.52.3
4.52.4
4.53.0
4.53.1
4.53.2
4.53.3
4.54.0
4.54.1
4.55.0
4.55.1
4.55.2
4.55.3
4.55.4
4.56.0
4.56.1
4.56.2
4.57.0
4.57.1
4.57.2
4.57.3
4.57.4
4.57.5
4.57.6
5.*
5.0.0rc0
5.0.0rc1
5.0.0rc2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69w3-r845-3855/GHSA-69w3-r845-3855.json"