CVE-2026-6859Inclusion of Functionality from Untrusted Control Sphere in Bootc-aws-cuda-rhel9

CWE-829Inclusion of Functionality from Untrusted Control Sphere4 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 63.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Rhelai3 Bootc-aws-cuda-rhel9Rhelai3 Bootc-azure-cuda-rhel9Rhelai3 Bootc-azure-rocm-rhel9+3 more
Timeline
PublishedApr 22

Description

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

🔴Vulnerability Details

1
GHSA
GHSA-rxpq-xgqx-fr7p: A flaw was found in InstructLab2026-04-22

📋Vendor Advisories

1
Red Hat
instructlab: InstructLab: Arbitrary code execution due to hardcoded `trust_remote_code=True`2026-04-15

💬Community

1
Bugzilla
CVE-2026-6859 instructlab: InstructLab: Arbitrary code execution due to hardcoded `trust_remote_code=True`2026-04-21
CVE-2026-6859 — Bootc-aws-cuda-rhel9 vulnerability | cvebase