CVE-2026-47117 | P2 | CRITICAL | CVSS 9.8 | fixed in 1.5.2 | 2026-06-02
CVE-2026-47117 [CRITICAL] CWE-94 CVE-2026-47117: OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path that loads Hugging Face models with trust_remote_code
References: GHSA, NVD
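The dispatcher flaw described above, as an added sketch that is not OpenMed's code: the function names, the routing dict and the allowlisted repository id are assumptions made for illustration. The exact-match allowlist is one possible mitigation, not necessarily the change shipped in 1.5.2.

```python
# Added illustration, not OpenMed's code. All names below are hypothetical.

# Constructed allowlist of repository ids the operator has reviewed (assumption).
TRUSTED_PRIVACY_FILTER_REPOS = frozenset({"example-org/privacy-filter-base"})

MARKER = "privacy-filter"


def route_by_substring(model_name: str) -> dict:
    """Weak pattern from the advisory: any name that merely contains the
    marker is routed to the loader that enables trust_remote_code."""
    if MARKER in model_name:
        return {"loader": "privacy_filter", "trust_remote_code": True}
    return {"loader": "default", "trust_remote_code": False}


def route_by_allowlist(model_name: str) -> dict:
    """Hardened pattern: only an exact, reviewed repository id may reach the
    remote-code loader. Look-alike names are rejected, not silently rerouted."""
    if model_name in TRUSTED_PRIVACY_FILTER_REPOS:
        return {"loader": "privacy_filter", "trust_remote_code": True}
    if MARKER in model_name:
        raise ValueError(f"unreviewed privacy-filter model: {model_name!r}")
    return {"loader": "default", "trust_remote_code": False}


def unreviewed_remote_code_requests(model_names: list) -> list:
    """Review helper: names the substring router would have loaded with
    remote code enabled although they are not on the reviewed allowlist."""
    return [
        name
        for name in model_names
        if route_by_substring(name)["trust_remote_code"]
        and name not in TRUSTED_PRIVACY_FILTER_REPOS
    ]


if __name__ == "__main__":
    # Constructed request log; the second value is the example from the advisory.
    requested = [
        "example-org/privacy-filter-base",
        "attacker/foo-privacy-filter-bar",
        "example-org/ner-model",
    ]
    print(unreviewed_remote_code_requests(requested))
```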