9.8
CVE-2026-31239: Mamba Language Model Framework through 2.2.6 Allows Malicious Model Execution
CVE-2026-31239
GHSA-pq2f-x424-6fjm
Summary
The Mamba language model framework allows attackers to execute arbitrary code on a victim's system when loading pre-trained models from HuggingFace Hub. This is a security risk because it can be used to steal sensitive information or take control of the system. To stay safe, update to a newer version of Mamba that fixes this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | mamba-ssm | <= 2.2.6 |
Original title
mamba language model framework vulnerable to insecure deserialization when loading pre-trained models from HuggingFace Hub
Original description
The mamba language model framework through 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the pytorch_model.bin weight file without enabling the security-restrictive weights_only=True parameter. This allows the deserialization of arbitrary Python objects via the pickle module. An attacker can exploit this by publishing a malicious model repository on HuggingFace Hub. When a victim loads a model from this repository, arbitrary code is executed on the victim's system in the context of the mamba process.
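A defender-side pre-load check for the weight-loading path described above, added here as an example (it is not Mamba's or PyTorch's code): it walks the pickle opcode stream of a downloaded checkpoint and reports every importable name the unpickler would resolve, so a file can be refused before torch.load() touches it. The allowlist, the sample checkpoints and the "archive/data.pkl" zip layout are constructed for illustration and are assumptions of this example; passing weights_only=True, as the description names, remains the actual fix.

```python
"""Pre-load scan for pickle-based checkpoints such as pytorch_model.bin.
Walks the pickle opcode stream with the stdlib pickletools module, collects every
GLOBAL / STACK_GLOBAL reference (each importable name the unpickler would resolve)
and flags anything outside an allowlist of tensor-rebuild helpers, so a file can be
refused before torch.load() ever runs on it."""
import collections
import fractions
import io
import pickle
import pickletools
import zipfile

# Assumed allowlist (illustrative; not torch's exact weights_only set of tensor helpers).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}

def pickle_globals(data: bytes) -> set:
    """Return every (module, name) pair the pickle stream would import."""
    found, recent = set(), []  # recent: last two string operands, for STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":          # protocol <= 3: single "module name" operand
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module, then name, pushed as strings
            if len(recent) == 2:
                found.add((recent[0], recent[1]))
        elif isinstance(arg, str):
            recent = (recent + [arg])[-2:]
    return found

def unexpected_globals(blob: bytes) -> set:
    """Globals outside the allowlist; accepts a raw pickle or torch's zip layout (*/data.pkl)."""
    buf = io.BytesIO(blob)
    if not zipfile.is_zipfile(buf):
        return pickle_globals(blob) - ALLOWED_GLOBALS
    with zipfile.ZipFile(buf) as zf:
        pkls = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return set().union(*map(pickle_globals, pkls)) - ALLOWED_GLOBALS

# Constructed samples: a benign state dict, and one referencing an unrelated class
# (fractions.Fraction stands in for any non-tensor object a checkpoint should never carry).
CLEAN = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]), protocol=4)
SUSPECT = pickle.dumps({"weight": fractions.Fraction(1, 3)}, protocol=4)
_zip = io.BytesIO()
with zipfile.ZipFile(_zip, "w") as _zf:
    _zf.writestr("archive/data.pkl", SUSPECT)  # torch-style container layout
SUSPECT_ZIP = _zip.getvalue()
```

A non-empty result from unexpected_globals() is the signal to reject the download; the scan never executes anything from the file because pickletools only disassembles the stream.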
Vulnerability type
CWE-502
Deserialization of Untrusted Data
Published: 12 May 2026 · Updated: 28 May 2026 · First seen: 13 May 2026