CVE-2026-1839 | huggingface transformers up to 5.0.0rc2 trainer.py _load_rng_state deserialization

Inserito da Angelo Barbosa | Apr 7, 2026 | CVE

A vulnerability has been found in huggingface transformers up to 5.0.0rc2 and classified as problematic. This affects the function _load_rng_state of the file src/transformers/trainer.py. The manipulation leads to deserialization.

This vulnerability is referenced as CVE-2026-1839. The attack can only be performed from a local environment. No exploit is available.

The affected component should be upgraded.

CVE-2026-1839 | huggingface transformers up to 5.0.0rc2 trainer.py _load_rng_state deserialization

Post correlati

CVE-2024-26653 | Linux Kernel up to 6.9-rc1 ljca auxiliary_device_add double free (7c9631969287)

CVE-2024-20418 | Cisco IOS XE Controller Web-based Management Interface command injection (cisco-sa-backhaul-ap-cmdinj-R7E28Ecs)

CVE-2023-41973 | Zscaler Client Connector prior 4.3.0.121 on Windows ZSATray previousInstallerName path traversal

CVE-2025-14619 | code-projects Student File Management System 1.0 login_query.php stud_no sql injection