PyPI: transformers
CVE-2026-1839
Safety vulnerability ID: SFTY-20260407-58349
Safety legacy ID: pyup.io-93822
Affected versions of the transformers package are vulnerable to Deserialization of Untrusted Data due to an unsafe torch.load() invocation within the Trainer class that omits the weights_only=True parameter. The _load_rng_state() method in src/transformers/trainer.py at line 3059 calls torch.load() without weights_only=True, and the safe_globals() context manager offers no protection when running on PyTorch versions below 2.6, so a malicious checkpoint file, such as rng_state.pth, is deserialized without restriction. An attacker who supplies a crafted checkpoint file can achieve arbitrary code execution when the Trainer loads it.
Overview
HuggingFace Transformers allows for arbitrary code execution in the `Trainer` class
Advisory
Affected versions of the transformers package are vulnerable to Deserialization of Untrusted Data due to an unsafe torch.load() invocation within the Trainer class that omits the weights_only=True parameter. The _load_rng_state() method in src/transformers/trainer.py at line 3059 calls torch.load() without weights_only=True, and the safe_globals() context manager offers no protection when running on PyTorch versions below 2.6, so a malicious checkpoint file, such as rng_state.pth, is deserialized without restriction. An attacker who supplies a crafted checkpoint file can achieve arbitrary code execution when the Trainer loads it.
How to Fix
Mitigation and Workarounds
---
Vulnerable Functions
Functions linked to known vulnerabilities.
References
- https://getsafety.com/vulnerabilities/SFTY-20260407-58349/CVE-2026-1839
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1839
- https://data.safetycli.com/changelogs/transformers/
- https://github.com/advisories/GHSA-69w3-r845-3855
- https://pypi.org/project/transformers
- https://nvd.nist.gov/vuln/detail/CVE-2026-1839
- https://github.com/huggingface/transformers/commit/03c8082ba4594c9b8d6fe190ca9bed0e5f8ca396
- https://huntr.com/bounties/3c77bb97-e493-493d-9a88-c57f5c536485
- https://github.com/huggingface/transformers/releases/tag/v5.0.0rc3
- https://github.com/advisories/GHSA-69w3-r845-3855
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
Learn more