
CVE-2026-5241 -- CVSS 9.6 Vulnerability Briefing

CVE-2026-5241 | CVSS 9.6 (Critical) | Exploit: No known exploit

What Is It

CVE-2026-5241 is an arbitrary code execution vulnerability in the LightGlue model loading path of Hugging Face Transformers version 5.2.0, triggered when a model is loaded from an attacker-controlled repository.

Technical Detail

The flaw exists in how Transformers version 5.2.0 handles model initialization for LightGlue models: attacker-supplied content from a malicious model repository is processed in an unsafe manner during the loading sequence, allowing arbitrary code to execute in the context of the loading process. An attacker exploiting this vulnerability would need to direct a target user or automated pipeline into loading a crafted model, which is a realistic scenario given the widespread use of public model hubs in ML workflows. Successful exploitation results in remote code execution (RCE) on the host running the model loading operation, with a CVSS score of 9.6 reflecting the high impact across confidentiality, integrity, and availability.

Exploitation Status

No known exploit code has been publicly observed as of June 10, 2026. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities catalog. Exploit maturity is assessed as none at this time, though the attack surface is broad given the prevalence of automated model loading in ML pipelines, which may lower the barrier for future exploitation development.

Who Is Targeting This

No confirmed threat actor attribution has been established for this vulnerability. Threat intelligence reporting (research-inferred, medium confidence) has associated GAMAREDONGROUP, BLACKBYTE, ROCKE, COBALTGROUP, and SILENCE with this CVE, though no origin or specific motivation has been confirmed for any of these actors in this context. These associations should be treated as preliminary and not as verified operational targeting.

What To Do

Organizations using Hugging Face Transformers version 5.2.0 should prioritize patching to the latest available version that addresses this vulnerability. Until a patch is applied, restrict model loading to trusted, internally verified repositories and avoid loading models from public or unverified sources in production or privileged environments. Automated ML pipelines that pull models from external hubs should be reviewed and gated with integrity verification controls (allowlisted repositories, pinned revisions, and per-file hash checks) before any load occurs. Monitor for unexpected process spawning or network connections originating from model loading operations as a detection signal. Given the critical CVSS score and the realistic attack path through public model repositories, this should be treated as a high-priority remediation item even in the absence of confirmed active exploitation.
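The following pre-load integrity gate is an added example written for this briefing; it is not code from the original page or from the Transformers project. It implements the "trusted repositories plus integrity verification" control described above in a loader-agnostic way: a model directory is only handed to the real loading call (for Transformers, `from_pretrained`) when the repository is on an internal allowlist, the requested revision matches a pinned manifest, every file's SHA-256 matches that manifest, and no pickle-based weight files are present. The repository ids, revision strings, file contents and the `load_model` callback are constructed placeholders; the manifest is assumed to be produced from a copy that the defending team has reviewed offline.

```python
"""Pre-load integrity gate for ML model artifacts (added example, not the
briefing's or the Transformers project's own code)."""
import hashlib
import json
import tempfile
from pathlib import Path

# Constructed allowlist: only repositories reviewed and mirrored internally.
TRUSTED_REPOS = {"internal-org/feature-matcher"}

# Weight formats whose loaders deserialize arbitrary Python objects (pickle).
# Refusing them removes one entire class of load-time code execution.
PICKLE_EXTENSIONS = {".bin", ".pt", ".pth", ".pkl", ".ckpt"}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large weight files are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(repo_id: str, revision: str, model_dir) -> dict:
    """Pin a reviewed copy: record repo id, revision and a hash per file."""
    files = {p.name: sha256_file(p) for p in sorted(Path(model_dir).iterdir()) if p.is_file()}
    return {"repo_id": repo_id, "revision": revision, "files": files}


def verify_model_dir(repo_id: str, revision: str, model_dir, manifest: dict) -> list:
    """Return a list of violations; an empty list means the load may proceed."""
    violations = []
    if repo_id not in TRUSTED_REPOS:
        violations.append(f"repo {repo_id!r} is not on the trusted allowlist")
    if manifest.get("repo_id") != repo_id or manifest.get("revision") != revision:
        violations.append("manifest does not match the requested repo/revision")

    expected = manifest.get("files", {})
    present = {p.name for p in Path(model_dir).iterdir() if p.is_file()}

    # Any file the reviewer never saw is a red flag, as is a missing one.
    for name in sorted(present - set(expected)):
        violations.append(f"unexpected file not in manifest: {name}")
    for name in sorted(set(expected) - present):
        violations.append(f"file listed in manifest is missing: {name}")
    # Pickle-based weights are refused regardless of their hash.
    for name in sorted(present):
        if Path(name).suffix in PICKLE_EXTENSIONS:
            violations.append(f"pickle-based weight file refused: {name}")
    # Byte-level integrity of every file the manifest knows about.
    for name in sorted(present & set(expected)):
        actual = sha256_file(Path(model_dir) / name)
        if actual != expected[name]:
            violations.append(f"hash mismatch for {name}: {actual[:12]}... != {expected[name][:12]}...")
    return violations


def gated_load(repo_id, revision, model_dir, manifest, load_model):
    """Call load_model(model_dir) only when the gate passes; otherwise refuse."""
    problems = verify_model_dir(repo_id, revision, model_dir, manifest)
    if problems:
        raise PermissionError("model load blocked:\n  " + "\n  ".join(problems))
    return load_model(model_dir)


def demo() -> dict:
    """Run the gate over a clean, a tampered and an untrusted load (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        model_dir = Path(tmp) / "model"
        model_dir.mkdir()
        (model_dir / "config.json").write_text(json.dumps({"model_type": "lightglue"}))
        (model_dir / "model.safetensors").write_bytes(b"\x00" * 64)
        manifest = build_manifest("internal-org/feature-matcher", "rev-pinned-0001", model_dir)

        results = {"clean": verify_model_dir("internal-org/feature-matcher", "rev-pinned-0001", model_dir, manifest)}
        # Simulate a poisoned mirror: one byte flipped and a pickle file added.
        (model_dir / "model.safetensors").write_bytes(b"\x00" * 63 + b"\x01")
        (model_dir / "pytorch_model.bin").write_bytes(b"constructed placeholder bytes")
        results["tampered"] = verify_model_dir("internal-org/feature-matcher", "rev-pinned-0001", model_dir, manifest)
        results["untrusted"] = verify_model_dir("someone/else", "rev-pinned-0001", model_dir, manifest)
        return results


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", "OK" if not problems else problems)
```

In a pipeline, `gated_load` wraps whatever performs the actual load and the manifest lives in version control next to the pipeline definition, so a changed upstream artifact fails closed instead of being deserialized. The hash check alone does not tell you whether the reviewed copy was safe; it only guarantees that what runs in production is exactly what was reviewed.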
