ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Instructlab
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6859 | 1 Redhat | 2 Enterprise Linux Ai, Instructlab | 2026-05-06 | 8.8 High |
| A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise. | ||||
Page 1 of 1.