CVE-2026-6859

GHSA-rxpq-xgqx-fr7p HIGH
Published April 22, 2026

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted...

Affected Systems

| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| instructlab | pip | <= 0.26.1 | No patch |

Severity & Risk

CVSS 3.1: 8.8 / 10
EPSS: 0.2% chance of exploitation in 30 days (higher than 36% of all CVEs)
Exploitation Status: No known exploitation
Sophistication: N/A

Attack Surface

AV: Network
AC: Low
PR: None
UI: Required
S: Unchanged
C: High
I: High
A: High

Recommended Action

No patch available

Monitor for updates. Consider compensating controls or temporary mitigations.

Frequently Asked Questions

What is CVE-2026-6859?

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

Is CVE-2026-6859 actively exploited?

No confirmed active exploitation of CVE-2026-6859 has been reported. Because no patch is available, organizations should still apply compensating controls proactively.

How to fix CVE-2026-6859?

No patch is currently available. Monitor vendor advisories for updates.

What is the CVSS score for CVE-2026-6859?

CVE-2026-6859 has a CVSS v3.1 base score of 8.8 (HIGH). The EPSS exploitation probability is 0.16%.

Technical Details

NVD Description

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.
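As an added example (not InstructLab's code and not part of the advisory), the following Python scanner parses source files and reports every place `trust_remote_code` is set, separating a hardcoded `True` from a value passed in through a variable. The sample source and all function names here are constructed for illustration.

```python
import ast
import sys
from pathlib import Path

# Constructed sample showing the pattern the advisory describes; not InstructLab's code.
SAMPLE = '''
from transformers import AutoModelForCausalLM, AutoTokenizer
def load(model_name, allow_remote=False):
    tok = AutoTokenizer.from_pretrained(model_name, trust_remote_code=True)
    model = AutoModelForCausalLM.from_pretrained(model_name, trust_remote_code=allow_remote)
    cfg = dict(trust_remote_code=False)
    opts = {"trust_remote_code": True}
'''

def _verdict(value):
    # Only a literal True/False is certain; anything else depends on the caller.
    if isinstance(value, ast.Constant) and isinstance(value.value, bool):
        return "hardcoded-true" if value.value else "disabled"
    return "dynamic"

def find_trust_remote_code(source, filename="<string>"):
    """Return sorted (line, callee, verdict) tuples for each trust_remote_code setting."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            # Keyword argument form: from_pretrained(..., trust_remote_code=...)
            for kw in node.keywords:
                if kw.arg == "trust_remote_code":
                    findings.append((kw.value.lineno, ast.unparse(node.func), _verdict(kw.value)))
        elif isinstance(node, ast.Dict):
            # Dict literal form, typically splatted later with **kwargs
            for key, val in zip(node.keys, node.values):
                if isinstance(key, ast.Constant) and key.value == "trust_remote_code":
                    findings.append((val.lineno, "<dict literal>", _verdict(val)))
    return sorted(findings)

def scan_tree(root):
    """Scan every .py file under root; return {path: findings} for files with hits."""
    results = {}
    for path in Path(root).rglob("*.py"):
        try:
            hits = find_trust_remote_code(path.read_text(encoding="utf-8", errors="replace"), str(path))
        except (SyntaxError, ValueError):
            continue  # unparseable file: skip rather than abort the scan
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_trust_remote_code(SAMPLE))
```

Pointing `scan_tree` at an installed package directory lists the call sites to review; a `dynamic` verdict means the value comes from a variable, so the next question is who controls it.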

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Timeline

Published: April 22, 2026
Last Modified: April 29, 2026
First Seen: April 22, 2026