CVE-2026-58116 | hiyouga LlamaFactory up to 0.9.5 Training Interface AutoTokenizer.from_pretrained inclusion of functionality from untrusted control sphere (EUVD-2026-40311)

SecurityVulns

A vulnerability classified as critical has been found in hiyouga LlamaFactory up to 0.9.5. It affects the function AutoTokenizer.from_pretrained of the component Training Interface. Manipulation leads to inclusion of functionality from an untrusted control sphere.

This vulnerability is known as CVE-2026-58116. The attack can be launched remotely. No exploit is available.

Source: VulDB Recent Entries