CVE-2026-45804: CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition in huggingface diffusers
A TOCTOU race condition vulnerability exists in huggingface diffusers prior to version 0.38.0. The DiffusionPipeline.from_pretrained method can bypass the trust_remote_code guard due to a validation…
Read the full article2d agoen
Comments
Sign in to join the conversation.
No comments yet. Be the first.