GHSA-7wx4-6vff-v64p: Diffusers: TOCTOU Trust Remote Code Bypass
Summary
The `diffusers` package has a TOCTOU (time-of-check to time-of-use: a security check is made at one moment, but the data actually used comes from a different moment) vulnerability in its `DiffusionPipeline.from_pretrained` function, which loads models from the HuggingFace Hub. The `trust_remote_code` check is made against one download, while the code that runs comes from a second, separate download call. An attacker who updates the repository between those two downloads can bypass the check, allowing arbitrary code to execute without the user explicitly approving it.
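The check-then-use gap described above, and the revision-pinning mitigation, reduced to a toy in-memory Hub. This is an added illustration, not diffusers code: `FakeHub`, the `sha`-style commit ids, the `auto_map` marker and the two loaders are all constructed for the example.

```python
# Added illustration (not diffusers code): a toy Hub where 'main' always resolves
# to the newest commit, so two downloads can observe two different snapshots.
from dataclasses import dataclass, field

@dataclass
class FakeHub:
    commits: dict = field(default_factory=dict)  # repo -> list of {filename: content}

    def push(self, repo, files):
        self.commits.setdefault(repo, []).append(dict(files))
        return f"sha{len(self.commits[repo]) - 1}"  # constructed commit id

    def resolve(self, repo, revision="main"):
        return f"sha{len(self.commits[repo]) - 1}" if revision == "main" else revision

    def download(self, repo, filename, revision="main"):
        return self.commits[repo][int(self.resolve(repo, revision)[3:])].get(filename)

def needs_remote_code(config):
    return "auto_map" in config  # constructed marker for a custom-code pipeline

def load_vulnerable(hub, repo, trust_remote_code=False, between=None):
    """Check on one download, use a second download: the advisory's TOCTOU shape."""
    config = hub.download(repo, "config.json")  # time of check
    if needs_remote_code(config) and not trust_remote_code:
        raise PermissionError("custom code requires trust_remote_code=True")
    if between:
        between()  # the repository changes between the two calls
    code = hub.download(repo, "pipeline.py")  # time of use: may be a newer commit
    return {"custom_code_loaded": code is not None, "code": code}

def load_pinned(hub, repo, trust_remote_code=False, revision="main", between=None):
    """Resolve the revision once; every file is then fetched from that same snapshot."""
    sha = hub.resolve(repo, revision)
    config = hub.download(repo, "config.json", revision=sha)
    if needs_remote_code(config) and not trust_remote_code:
        raise PermissionError("custom code requires trust_remote_code=True")
    if between:
        between()  # a later push cannot change what the pinned sha refers to
    code = hub.download(repo, "pipeline.py", revision=sha)
    return {"custom_code_loaded": code is not None, "code": code}

def demo(loader):
    """Plain model first; a custom-code commit lands between the two downloads."""
    hub = FakeHub()
    hub.push("org/model", {"config.json": {"_class_name": "StableDiffusionPipeline"}})
    swap = lambda: hub.push("org/model", {"config.json": {"auto_map": "pipeline.py"},
                                          "pipeline.py": "print('custom')"})
    return loader(hub, "org/model", trust_remote_code=False, between=swap)
```

`demo(load_vulnerable)` reports custom code loaded with `trust_remote_code=False`; `demo(load_pinned)` does not, and a pinned revision that does carry custom code still raises unless the user opts in.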
Vulnerability Details
EPSS: 0.0%
May 20, 2026
Original source: https://github.com/advisories/GHSA-7wx4-6vff-v64p
First tracked: May 20, 2026 at 02:00 PM