CVE-2026-45804: Diffusers: TOCTOU Trust Remote Code Bypass

May 20, 2026

The vulnerability is a silent RCE - it allows arbitrary code to be loaded through the custom pipeline flow from a Hub repo, with no custom_pipeline or trust_remote_code kwargs. The from_pretrained call succeeds and returns a fully functional pipeline.

References

github.com/advisories/GHSA-7wx4-6vff-v64p
github.com/huggingface/diffusers/security/advisories/GHSA-7wx4-6vff-v64p
nvd.nist.gov/vuln/detail/CVE-2026-45804

Code Behaviors & Features

Detect and mitigate CVE-2026-45804 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →