CYBERHAWK / CVE / CVE-2026-6859

CVE-2026-6859

InstructLab

HIGH CVSS 8.8 ai

The flaw

Hardcoded trust_remote_code=True in training scripts enables arbitrary code execution from malicious HuggingFace models

What to do

Review model sources before running ilab train/download/generate

▸ Scan my repo for CVE-2026-6859

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-04-24 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits