A newly disclosed critical vulnerability in the HuggingFace Transformers library, tracked as CVE-2026-4372, allows attackers to achieve remote code execution (RCE) through malicious model configuration files. The flaw exposes a significant supply chain risk in one of the most widely used machine learning frameworks, impacting developers, enterprises, and AI pipelines globally. The vulnerability stems from […]
The post Critical Vulnerability in Hugging Face Transformers Enables Remote Code Execution Attacks appeared first on Cyber Security News.