CVE-2026-1839 MEDIUM

CVE-2026-1839: Arbitrary Code Execution via Unsafe torch.load() in Trainer Checkpoint Loading in huggingface/transformers

Vendor: Huggingface
Product: huggingface/transformers
Weakness: CWE-502 · Unsafe deserialization
Published: April 7, 2026
Last update: April 7, 2026

CVSS base score: 6.5/10

Attack vector: Local
Attack complexity: High
Privileges required: None
User interaction: Required
Confidentiality: High
Integrity: Low

CVSS vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H

What the vulnerability does

01 Description

The `Trainer` class in the HuggingFace Transformers library contains a vulnerability that allows arbitrary code execution. The `_load_rng_state()` method in `src/transformers/trainer.py` at line 3059 calls `torch.load()` without the `weights_only=True` parameter. The issue affects all versions of the library supporting `torch>=2.2` when used with PyTorch versions below 2.6, because the `safe_globals()` context manager provides no protection in those versions. An attacker can exploit the vulnerability by supplying a malicious checkpoint file, such as `rng_state.pth`, which executes arbitrary code when it is loaded. The issue is resolved in version v5.0.0rc3.
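For triaging a checkpoint directory from an untrusted source before resuming training, the following added example (not code from transformers or PyTorch) lists the globals a checkpoint's pickle stream would import, without unpickling it. The allowlist, the function names and the two sample pickles are assumptions constructed for illustration; the check complements, and does not replace, the fixed release.

```python
import collections
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist for illustration; tune it to what your own checkpoints contain.
ALLOWED = {("collections", "OrderedDict"), ("torch", "ByteStorage"),
           ("torch._utils", "_rebuild_tensor_v2")}
STR_OPS = {"UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
           "STRING", "BINSTRING", "SHORT_BINSTRING"}

def referenced_globals(pkl):
    """Return the (module, name) pairs a pickle stream would import; nothing is executed."""
    found, recent, memo = set(), [], {}
    for op, arg, _pos in pickletools.genops(pkl):
        if op.name in ("GLOBAL", "INST"):          # argument is "module name"
            found.add(tuple(arg.split(" ", 1)))
            recent.append(None)
        elif op.name == "STACK_GLOBAL":            # module and name are the last two pushes
            pair = tuple(recent[-2:])
            ok = len(pair) == 2 and all(isinstance(s, str) for s in pair)
            found.add(pair if ok else ("?", "?"))  # unresolved reference: fail closed
            recent.append(None)
        elif op.name == "MEMOIZE":                 # strings can come back later via BINGET
            memo[len(memo)] = recent[-1] if recent else None
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = recent[-1] if recent else None
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            recent.append(memo.get(arg))
        else:
            recent.append(arg if op.name in STR_OPS else None)
    return found

def scan_checkpoint(data):
    """Return sorted globals outside ALLOWED for a zip-format torch.save file or a bare pickle."""
    streams = [data]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    if not streams:
        return [("?", "?")]                        # archive without a pickle: fail closed
    return sorted(set().union(*(referenced_globals(p) for p in streams)) - ALLOWED)

# Constructed samples: a plain state dict, and one that references a non-allowlisted global.
CLEAN = pickle.dumps({"python": (3, (1, 2, 3), None), "cpu": collections.OrderedDict()}, protocol=2)
FLAGGED = pickle.dumps({"cpu": print}, protocol=4)
```

An empty result means every referenced global is on the allowlist; any other result is a reason not to pass the file to `torch.load()` on an affected installation.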

Key dates

02 Disclosure timeline

April 7, 2026: CVE published
April 7, 2026: Record updated
