{"id":"CVE-2026-5241","summary":"Policy Bypass in LightGlue Nested Config Resolution in huggingface/transformers","details":"A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The issue arises because the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted serialized configuration data in a nested code path. Specifically, when loading a LightGlue model using `AutoModel.from_pretrained()` with `trust_remote_code=False`, the `LightGlueConfig` reads the `trust_remote_code` value from the untrusted `config.json` file and propagates it into nested `AutoConfig.from_pretrained()` calls. This results in the execution of attacker-provided Python modules, even when the victim explicitly disables remote code execution. The vulnerability poses a high risk for environments such as API inference servers, research notebooks, CI/CD pipelines, and model evaluation workers, potentially leading to credential theft, lateral movement, or persistence/backdoor deployment.","aliases":["GHSA-fgcw-684q-jj6r","PYSEC-2026-2290"],"modified":"2026-07-16T03:31:16.265570498Z","published":"2026-06-03T12:33:10.227Z","database_specific":{"cna_assigner":"@huntr_ai","cwe_ids":["CWE-829"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5241.json"},"references":[{"type":"WEB","url":"https://huntr.com/bounties/ceb3ce1a-4c45-497a-b25e-cb9a7685e619"},{"type":"WEB","url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5241.json"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:34456"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:37275"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2026-5241"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/5xxx/CVE-2026-5241.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5241"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2484384"},{"type":"FIX","url":"https://github.com/huggingface/transformers/commit/676559d5022b74aaa0cee1cee0842b7f27c5320e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/huggingface/transformers","events":[{"introduced":"7d9754a05193eb79b1d86aa744b622b8068008cd"},{"fixed":"676559d5022b74aaa0cee1cee0842b7f27c5320e"}],"database_specific":{"cpe":"cpe:2.3:a:huggingface:transformers:5.2.0:*:*:*:*:*:*:*","extracted_events":[{"introduced":"5.2.0"},{"last_affected":"5.2.0"}],"source":["CPE_STRING","REFERENCES"]}}],"versions":["5.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-5241.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"}]}