{"vulnerability": "CVE-2026-4372", "sightings": [{"uuid": "f3c87771-2bae-4895-a49f-8fc2920d23b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4372", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116634281340740498", "content": "Attention, elevated activities detected targeting huggingface transformers (CVE-2026-4372) https://vuldb.com/vuln/365468/cti", "creation_timestamp": "2026-05-25T08:31:36.911645Z"}, {"uuid": "c398f172-9d2c-43b3-8f2a-d21bfa2ec4b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4372", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mmr3qyfrjn2a", "content": "HuggingFace Transformers\u3001config.json \u306e\u30d5\u30a3\u30fc\u30eb\u30c91\u500b\u3067 trust_remote_code \u3092\u7d20\u901a\u308a\u3059\u308b\u7a74\u3002CVE-2026-4372\u3001CVSS 7.8\u3002\u26a0\ufe0f\n\nfrom_pretrained() \u3067\u30e2\u30c7\u30eb\u8aad\u3080\u3060\u3051\u3067\u3001\u653b\u6483\u8005\u306e Python \u304c OS \u6a29\u9650\u3067\u8d70\u308b\u3002trust_remote_code=False \u306b\u3057\u3066\u3066\u3082\u95a2\u4fc2\u306d\u3047\u3002\n\nv5.3.0 \u3067\u4fee\u6b63\u3002\ud83d\udc8e\n\nhttps://vulnerability.circl.lu/vuln/cve-2026-4372\n\n#HuggingFace #LLMSecurity", "creation_timestamp": "2026-05-26T13:25:33.099042Z"}, {"uuid": "f5d12a18-f824-46e2-88e9-6330d0c6d316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4372", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnjydifvjb2m", "content": "Hugging Face Transformers\u306e\u6df1\u523b\u306a\u8106\u5f31\u6027\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\n\nHugging Face Transformers\u306b\u5b58\u5728\u3059\u308b\u6df1\u523b\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\uff08CVE-2026-4372\uff09\u306b\u3088\u308a\u3001\u60aa\u610f\u3092\u6301\u3063\u305f\u30e2\u30c7\u30eb\u8a2d\u5b9a\u3092\u901a\u3058\u3066\u3001\u6570\u767e\u4e07\u3082\u306e\u30de\u30b7\u30f3\u30e9\u30fc\u30cb\u30f3\u30b0\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u304c\u30b5\u30a4\u30ec\u30f3\u30c8\u306a\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306e\u5371\u967a\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002 Pluto Security\u306e\u30ea\u30b5", "creation_timestamp": "2026-06-05T11:00:51.715030Z"}, {"uuid": "cc363f14-4f66-4cfe-b243-be4c56e16df9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4372", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnjydifvjb2m", "content": "Hugging Face Transformers\u306e\u6df1\u523b\u306a\u8106\u5f31\u6027\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\n\nHugging Face Transformers\u306b\u5b58\u5728\u3059\u308b\u6df1\u523b\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\uff08CVE-2026-4372\uff09\u306b\u3088\u308a\u3001\u60aa\u610f\u3092\u6301\u3063\u305f\u30e2\u30c7\u30eb\u8a2d\u5b9a\u3092\u901a\u3058\u3066\u3001\u6570\u767e\u4e07\u3082\u306e\u30de\u30b7\u30f3\u30e9\u30fc\u30cb\u30f3\u30b0\u30ef\u30fc\u30af\u30d5\u30ed\u30fc\u304c\u30b5\u30a4\u30ec\u30f3\u30c8\u306a\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\uff08RCE\uff09\u306e\u5371\u967a\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002 Pluto Security\u306e\u30ea\u30b5", "creation_timestamp": "2026-06-05T11:00:51.722668Z"}, {"uuid": "a25ff903-262a-4ebb-bd3e-f1e6861b9709", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4372", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnjywa4flm2e", "content": "Hugging Face Transformers\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\n\nHugging Face Transformers\u30e9\u30a4\u30d6\u30e9\u30ea\u306b\u91cd\u5927\u306a\u8106\u5f31\u6027\u304c\u767a\u898b\u3055\u308c\u3001\u6570\u767e\u4e07\u4eba\u306b\u306e\u307c\u308b\u6a5f\u68b0\u5b66\u7fd2\u30a8\u30f3\u30b8\u30cb\u30a2\u3084\u4f01\u696d\u306eAI\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u304c\u3001trust_remote_code=True\u3092\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u306a\u304f\u9759\u304b\u306b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3055\u308c\u308b\u5371\u967a\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002 CVE-2026-4372\uff08", "creation_timestamp": "2026-06-05T11:11:20.446642Z"}, {"uuid": "56cb2686-bb48-40fa-b5be-e26ac0d4e0b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4372", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnjywa4flm2e", "content": "Hugging Face Transformers\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u3001\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\n\nHugging Face Transformers\u30e9\u30a4\u30d6\u30e9\u30ea\u306b\u91cd\u5927\u306a\u8106\u5f31\u6027\u304c\u767a\u898b\u3055\u308c\u3001\u6570\u767e\u4e07\u4eba\u306b\u306e\u307c\u308b\u6a5f\u68b0\u5b66\u7fd2\u30a8\u30f3\u30b8\u30cb\u30a2\u3084\u4f01\u696d\u306eAI\u30d1\u30a4\u30d7\u30e9\u30a4\u30f3\u304c\u3001trust_remote_code=True\u3092\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u306a\u304f\u9759\u304b\u306b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3055\u308c\u308b\u5371\u967a\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u305f\u3053\u3068\u304c\u660e\u3089\u304b\u306b\u306a\u308a\u307e\u3057\u305f\u3002 CVE-2026-4372\uff08", "creation_timestamp": "2026-06-05T11:11:20.441471Z"}]}