Just in:
Louis Vuitton Celebrates 130 Years of the Monogram // Fynd brings AI fashion platform to Gulf // A SIM Guide to Comparing Graduate Salaries and Employability in Singapore // Dubai weighs turning organic waste into aviation fuel // UK sets overnight social media curfew for teens // Alessio Vinassa: ‘Generative AI Is the Most Important Creative Tool Since the Camera — and the Most Misunderstood’ // Xsolla and Management and Science University (MSU) Sign Memorandum of Understanding (MOU) to Connect Future Game Developers With Global Commercial Opportunities // Rhenus to Further Strengthen Warehousing Solutions in the Philippines // Gadkari’s Ethanol Defence Is Losing The Public Argument // Trump scraps Hormuz levy but tightens Iran blockade // Iran widens energy threat as Hormuz battle escalates // CyCraft Named a Sample Provider in the Gartner® Latest AI Reasoning Models Report—The Only Taiwan-Based Cybersecurity Provider Listed // Dealing.com claims record for tokenised stock access // Citadel Securities backs Crypto.com with $400 million // Guardian Fire expands Midwest reach with Nebraska deal // Enshi Suobuya Stone Forest in China Launches Rich Cultural Experiences to Welcome Southeast Asian Tourists // TrendAI™ Named a Champion for the Fourth Consecutive Year in Omdia’s Global Cybersecurity Platform Ecosystems Leadership Matrix 2026 // Launch ceremony of third edition of Hong Kong Fashion Fest Held on July 9 // AI tools sharpen cybercrime as quishing surges // DITP Launches THAI SELECT Festival 2026 in New York to Strengthen U.S. Market Opportunities for Thailand’s Food Industry //

Hugging Face flaw exposes AI pipelines

A serious flaw in Hugging Face’s Transformers library has widened concern over the security of model-sharing ecosystems after researchers showed that a poisoned model configuration could trigger remote code execution during a routine load operation.

Tracked as CVE-2026-4372, the vulnerability affects Transformers versions before 5.3.0 and centres on the handling of the attnimplementationinternal field inside a model’s config. json file. Security researchers found that an attacker could set that field to point to a repository under their control, causing the library to download and execute arbitrary Python code when a victim loaded the model through standard APIs such as frompretrained() or AutoModelForCausalLM. from_pretrained().

The finding is significant because the attack path bypassed the safeguard many developers rely on when handling untrusted models: trustremotecode=False. That setting is widely used to prevent execution of custom code from model repositories. In this case, researchers said the malicious path could run without warnings and without the user explicitly enabling remote code execution, undermining a core assumption in many machine learning security policies.

ADVERTISEMENT

Hugging Face Transformers is one of the most widely used open-source libraries in artificial intelligence development, supporting PyTorch, TensorFlow and JAX workflows across text, vision, audio and multimodal models. Its reach gives the flaw an unusually large blast radius. The package has accumulated more than 2.2 billion PyPI downloads, attracts tens of millions of downloads each month and is embedded in enterprise AI systems, research environments, cloud notebooks and automated model evaluation pipelines.

The issue was disclosed by Pluto Security researcher Yotam Perkal, who described a scenario in which a single malicious configuration entry could compromise systems loading a model from the Hugging Face Hub. Vulnerable versions were downloaded hundreds of millions of times during the period in which the flaw was present, creating exposure across organisations that routinely test third-party models, run fine-tuning jobs or integrate open-source models into production inference services.

The technical risk comes from the way modern AI workflows blur the line between data and executable software. A model repository may contain weights, tokenisers, configuration files and code required to instantiate an architecture. Developers often treat configuration files as lower-risk metadata, but CVE-2026-4372 demonstrates that configuration-driven loading paths can become execution paths when libraries resolve references dynamically during model initialisation.

The vulnerability lands amid growing scrutiny of AI supply chains. Model hubs have become central to software development because they allow teams to reuse pre-trained systems rather than build them from scratch. That efficiency also creates a trust problem. A malicious or compromised repository can reach automated pipelines, developer laptops and GPU-backed servers if organisations pull models without isolation, pinning, scanning or review.

Academic work on model-hosting ecosystems has warned that unsafe loading practices, custom code hooks and developer confusion over remote execution controls remain widespread. Studies of model hubs have found that malicious payloads may be hidden in model files, dataset loading scripts or framework-specific APIs, with possible outcomes including credential theft, reverse shells, file access, system reconnaissance and lateral movement inside development environments.

For enterprises, the risk is not confined to experimental AI teams. Transformers is frequently used in retrieval systems, customer-service automation, document processing, code assistants, data labelling tools and internal analytics. A successful exploit could run with the privileges of the user or service account loading the model, putting cloud tokens, API keys, proprietary datasets and local files at risk. GPU servers used for model training may also have access to shared storage, build systems and internal networks.

Hugging Face has addressed the issue in Transformers 5.3.0. Security teams are being urged to upgrade immediately, audit environments for older package versions and review any model repositories loaded during the affected period. Organisations running pinned dependencies in containers, notebooks, continuous integration systems or managed machine learning platforms may need separate checks, as those environments often continue using frozen versions long after a patch is available.



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Social Media Auto Publish Powered By : XYZScripts.com