Vasqu

**Name of the Vulnerable Software and Affected Versions** huggingface/transformers version 5.2.0 **Description** A flaw in the LightGlue model loading path allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue occurs because the `trust remote code` parameter, designed to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when using the `AutoModel.from pretrained()` function with `trust remote code=False`, the `LightGlueConfig` reads the `trust remote code` value from an untrusted `config.json` file and propagates it into nested `AutoConfig.from pretrained()` calls. This leads to the execution of attacker-provided Python modules even when remote code execution is explicitly disabled. This poses a high risk for API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially resulting in credential theft, lateral movement, or the deployment of backdoors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.