Critical RCE Vulnerability Found in Hugging Face Transformers
Security researchers have discovered a critical remote code execution (RCE) vulnerability in Hugging Face Transformers, a widely used open-source library for natural language processing and other machine learning tasks.
The flaw lets an attacker execute arbitrary code on a victim's system by crafting a malicious model configuration. This is particularly concerning because model configuration files are routinely shared and downloaded from repositories such as Hugging Face's Model Hub, so an attacker can distribute a compromised model through the same channel as legitimate ones and simply wait for it to be loaded.
The vulnerability lies in how Transformers parses and loads model configurations: the malicious code runs during the loading step itself, inside the process that loads the model and with that user's privileges, and needs no interaction beyond loading the model. That makes the attack easy to miss, since nothing visibly misbehaves at the point where the code executes.
Users of Hugging Face Transformers are advised to update to a patched release and to treat models from untrusted sources with the same caution as untrusted code. Organizations should put controls around the model loading process (for example, allow-listing model sources, pinning models to a reviewed revision, and inspecting downloaded files before they are loaded) and should consider running model evaluation in a sandboxed environment.
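One way to implement such a pre-load control, as an added example that is not code from the article or from the Transformers project: audit a downloaded model snapshot before handing it to `from_pretrained()`. It assumes the snapshot is a local directory in the Hub layout (a `config.json` next to the weight files), and relies on two documented Transformers behaviours: repo-shipped Python is only imported when `config.json` names it under `auto_map` and the caller passes `trust_remote_code=True`, and `.bin`/`.pt` weights are deserialised through pickle while `.safetensors` files are not. The helper names (`audit_model_dir`, `safe_from_pretrained`, `build_sample_dirs`) and the two sample directories are constructed for this example; the audit itself needs only the standard library.

```python
import json
import tempfile
from pathlib import Path

# Weight formats Transformers deserialises with torch.load (pickle), which can
# run arbitrary code at load time. .safetensors is a plain tensor container.
PICKLE_WEIGHT_SUFFIXES = {".bin", ".pt", ".pth", ".pkl"}


def audit_model_dir(model_dir):
    """Inspect a local model snapshot (Hub layout: config.json + weights) and
    return a list of findings. An empty list means nothing in the snapshot can
    trigger code execution during from_pretrained() with trust_remote_code=False
    and use_safetensors=True, assuming a patched library."""
    model_dir = Path(model_dir)
    findings = []

    config_path = model_dir / "config.json"
    if not config_path.is_file():
        return ["config.json missing"]
    try:
        config = json.loads(config_path.read_text(encoding="utf-8"))
    except (OSError, UnicodeDecodeError, json.JSONDecodeError) as exc:
        return [f"config.json unreadable: {exc}"]
    if not isinstance(config, dict):
        return ["config.json top level is not a JSON object"]

    # auto_map tells Transformers to import model/tokenizer classes from Python
    # files shipped in the repo; that code only runs with trust_remote_code=True.
    if "auto_map" in config:
        findings.append(f"config.json requests custom code via auto_map: {config['auto_map']}")

    for path in sorted(model_dir.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(model_dir).as_posix()
        if path.suffix == ".py":
            findings.append(f"python source shipped with model: {rel}")
        elif path.suffix in PICKLE_WEIGHT_SUFFIXES:
            findings.append(f"pickle-based weight file (prefer .safetensors): {rel}")
    return findings


def safe_from_pretrained(model_dir):
    """Refuse to load unless the audit is clean, then load with conservative
    options. transformers is imported lazily so the audit runs without it."""
    findings = audit_model_dir(model_dir)
    if findings:
        raise RuntimeError("refusing to load model:\n  " + "\n  ".join(findings))
    from transformers import AutoModel  # assumption: a patched transformers is installed
    return AutoModel.from_pretrained(
        model_dir,
        trust_remote_code=False,   # never import repo-shipped Python
        use_safetensors=True,      # fail rather than fall back to pickle weights
        local_files_only=True,     # load exactly the audited snapshot, no re-download
    )


def build_sample_dirs():
    """Constructed sample snapshots for demonstration only (not real models)."""
    root = Path(tempfile.mkdtemp(prefix="hf_audit_"))
    clean = root / "clean"
    clean.mkdir()
    (clean / "config.json").write_text(json.dumps({"model_type": "bert", "hidden_size": 768}))
    (clean / "model.safetensors").write_bytes(b"")

    suspicious = root / "suspicious"
    suspicious.mkdir()
    (suspicious / "config.json").write_text(json.dumps({
        "model_type": "bert",
        "auto_map": {"AutoModel": "modeling_custom.CustomModel"},
    }))
    (suspicious / "modeling_custom.py").write_text("# imported only with trust_remote_code=True\n")
    (suspicious / "pytorch_model.bin").write_bytes(b"")
    return str(clean), str(suspicious)


if __name__ == "__main__":
    clean_dir, suspicious_dir = build_sample_dirs()
    print("clean:", audit_model_dir(clean_dir) or "no findings")
    print("suspicious:")
    for finding in audit_model_dir(suspicious_dir):
        print("  -", finding)
```

The audit is a prefilter, not a substitute for patching: a flaw in the library's own config parsing is exactly what this kind of check cannot see, so the load should still run on an updated release and, for models from untrusted sources, inside a sandbox (a separate container or a subprocess with no credentials and no network) rather than in the production process.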
This discovery highlights the growing security concerns around the AI supply chain, as attackers increasingly target the infrastructure and libraries that power machine learning workflows.