PT-2026-45946 · Hugging Face · Transformers
Vasqu · Published 2026-06-03 · Updated 2026-06-04 · CVE-2026-5241
CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
huggingface/transformers version 5.2.0
Description
A flaw in the LightGlue model loading path allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue occurs because the trust_remote_code parameter, designed to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when using the AutoModel.from_pretrained() function with trust_remote_code=False, the LightGlueConfig reads the trust_remote_code value from an untrusted config.json file and propagates it into nested AutoConfig.from_pretrained() calls. This leads to the execution of attacker-provided Python modules even when remote code execution is explicitly disabled. This poses a high risk for API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially resulting in credential theft, lateral movement, or the deployment of backdoors.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
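Until a fixed release is available, one pre-load check is to scan a downloaded config.json for fields that request repository-supplied code before the directory is passed to AutoModel.from_pretrained(). The following is an added example, not code from this advisory or from the Transformers project. It assumes the config is already on local disk as text; `auto_map` (the standard Transformers key that maps Auto classes to custom modules) is included as an assumption beyond the field the advisory names, and both sample configs are constructed.

```python
import json


def find_remote_code_markers(node, path="$"):
    """Walk parsed JSON at any depth and return (path, key, value) findings."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            # The field this advisory describes: anything other than an
            # explicit false/null in serialized config is treated as hostile.
            if key == "trust_remote_code" and value not in (False, None):
                findings.append((child, key, value))
            # Assumption: a non-empty auto_map also points at custom code.
            elif key == "auto_map" and value:
                findings.append((child, key, value))
            findings.extend(find_remote_code_markers(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_remote_code_markers(item, f"{path}[{i}]"))
    return findings


def config_is_safe_to_load(config_text):
    """Return (ok, findings). Unparseable or non-object configs fail closed."""
    try:
        parsed = json.loads(config_text)
    except json.JSONDecodeError:
        return False, [("$", "invalid_json", None)]
    if not isinstance(parsed, dict):
        return False, [("$", "not_an_object", None)]
    findings = find_remote_code_markers(parsed)
    return not findings, findings


# Constructed sample configs (not taken from any real repository).
BENIGN = '{"model_type": "example", "nested_config": {"hidden_size": 256}}'
TAMPERED = ('{"model_type": "example", "trust_remote_code": true, '
            '"nested_config": {"auto_map": {"AutoConfig": "custom_module.CustomConfig"}}}')

if __name__ == "__main__":
    for name, text in (("benign", BENIGN), ("tampered", TAMPERED)):
        ok, findings = config_is_safe_to_load(text)
        print(name, "OK" if ok else "BLOCK", findings)
```

This is a pre-filter for untrusted repositories, not a fix for the nested code path; loading unvetted models in an isolated, credential-free environment remains the stronger control.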
Exploit
RCE
Affected Products
Transformers