CVE-2026-44513
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.8 / 10
Vulnerability Description
Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
pip
Product
diffusers
External References
- https://github.com/huggingface/diffusers/security/advisories/GHSA-98h9-4798-4q5v
- https://github.com/huggingface/diffusers/issues/13446
- https://github.com/huggingface/diffusers/pull/13448
- https://github.com/huggingface/diffusers/commit/a37f6f8394ac2a7ee8360c3abea811efe54512b1
- https://github.com/huggingface/diffusers/releases/tag/v0.38.0
- https://github.com/advisories/GHSA-98h9-4798-4q5v
Discussion (0)
Add Comment
No comments yet. Be the first!