CVE-2026-1839: A vulnerability in the HuggingFace Transformers library, specifically in the `Trainer` class, allows for arbitrary code
highvulnerability
security
Summary
A vulnerability in HuggingFace Transformers' `Trainer` class (a tool for training AI models) allows attackers to run arbitrary code by providing a malicious checkpoint file. The problem occurs because the `_load_rng_state()` method uses `torch.load()` without the `weights_only=True` parameter (a safety setting that restricts what code can run), leaving systems vulnerable when using PyTorch versions below 2.6.
Solution / Mitigation
The issue is resolved in version v5.0.0rc3.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
April 7, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
Affected Vendors
HuggingFace
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-1839
First tracked: April 7, 2026 at 08:08 AM
Classified by LLM (prompt v3) · confidence: 95%