CVE-2026-5241
highCVSS v3 Base Score
7.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in python-transformers. An attacker can exploit this vulnerability by providing a malicious model repository. During model initialization, the `trust_remote_code` parameter, intended to prevent remote code execution, is overridden by untrusted configuration data. This allows the attacker to execute arbitrary code, potentially leading to credential theft, unauthorized access, or the deployment of backdoors.
CWE
CWE-829Affected Products
OpenShift LightspeedRed Hat AI Inference ServerRed Hat Ansible Automation Platform 2Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat OpenShift AI (RHOAI)