
Critical Hugging Face Transformers Flaw Enables Remote Code Execution
A critical vulnerability in the Hugging Face Transformers library has exposed millions of machine learning engineers and enterprise AI pipelines to silent remote code execution, even when trust_remote_code=True is never set. Tracked as CVE-2026-4372 (CVSS 7.8 High), the flaw affects Transformers versions 4.56.0 through 5.2.x and was patched in v5.3.0, released on March 4, 2026. The flaw resides in the library’s kernel-dispatch code […]
The post Critical Hugging Face Transformers Flaw Enables Remote Code Execution appeared first on Cyber Security News.