PYSEC-2026-2522

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/instructlab/PYSEC-2026-2522.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-2522
Aliases
Published
2026-07-13T15:02:52.692673Z
Modified
2026-07-13T16:31:57.966567895Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
InstructLab Includes Functionality from Untrusted Control Sphere
Details

A flaw was found in InstructLab. The linux_train.py script hardcodes trust_remote_code=True when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run ilab train/download/generate with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

References

Affected packages

PyPI / instructlab

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.26.1

Affected versions

0.*
0.14.0
0.15.1
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.18.0a1
0.18.0a2
0.18.0a3
0.18.0a4
0.18.0a5
0.18.0a6
0.18.0a7
0.18.0b1
0.18.0b2
0.18.0b3
0.18.0b4
0.18.0b5
0.18.0b6
0.18.0rc1
0.18.0rc2
0.18.0rc3
0.18.0rc4
0.18.0rc5
0.18.0rc6
0.18.0rc7
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.19.0a1
0.19.0b1
0.19.0rc1
0.19.0
0.19.1
0.19.2
0.19.3
0.19.4
0.19.5
0.20.0a1
0.20.0a2
0.20.0
0.20.1
0.21.0a0
0.21.0a1
0.21.0
0.21.1
0.21.2
0.22.0
0.22.1
0.22.2
0.23.0a0
0.23.0rc0
0.23.0
0.23.1
0.23.2
0.23.3
0.23.4
0.23.5
0.24.0
0.24.1
0.24.2a0
0.24.2
0.24.3
0.25
0.26.0a1
0.26.0
0.26.1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/instructlab/PYSEC-2026-2522.yaml"