CVE-2026-4372 | huggingface transformers up to 5.2.x config.json AutoModelForCausalLM.from_pretrained _attn_implementation_internal missing serialization control element (EUVD-2026-31598)

A vulnerability marked as problematic has been reported in huggingface transformers up to 5.2.x. This vulnerability affects the function AutoModelForCausalLM.from_pretrained of the file config.json. This manipulation of the argument _attn_implementation_internal causes missing serialization control element.

This vulnerability is tracked as CVE-2026-4372. The attack is restricted to local execution. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More