CVE-2026-45804 | huggingface diffusers up to 0.37.x Pipeline Loading model_index.json from_pretrained custom_pipeline/trust_remote_code improper authentication

SecurityVulns

A vulnerability was found in huggingface diffusers up to 0.37.x. It has been declared as critical. This impacts the function from_pretrained of the file model_index.json of the component Pipeline Loading. Such manipulation of the argument custom_pipeline/trust_remote_code leads to improper authentication.

This vulnerability is uniquely identified as CVE-2026-45804. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More