Critical Hugging Face Transformers flaw ran attacker code on a routine model load
Pluto Security Inc. today disclosed a critical remote code execution vulnerability in Hugging Face Inc.’s Transformers library that allowed attacker-controlled artificial intelligence models to run arbitrary code on a victim’s machine.
The flaw fired through a standard model-loading command, even for organizations that followed Hugging Face’s recommended security guidance. Tracked as CVE-2026-4372, the flaw defeated trust_remote_code=False, the setting organizations toggle off to safely vet models pulled from Hugging Face Hub.
An attacker only had to slip a malicious payload into a model’s configuration file. Loading that model with from_pretrained() ran the code. No warning appeared.
Transformers is one of the most heavily used AI packages anywhere. It has been downloaded more than 2.2 billion times, pulls roughly 146 million downloads a month and carries over 157,000 GitHub stars, and Hugging Face Hub hosts more than one million models. Pluto estimates the vulnerable versions alone were downloaded 232 million times in the six months the flaw was live.