Critical RCE Vulnerability Discovered in LLaMA-Factory WebUI

First seen 1 Jul 2026, 08:47 UTC | nvd.nist.gov, Mallory.Ai, cvefeed.io, gist.github.com | 80% similarity | 72.6
A critical remote code execution vulnerability, CVE-2026-58116, has been identified in LLaMA-Factory versions up to 0.9.5. An attacker can execute arbitrary Python code by supplying a malicious model path in the WebUI Chat and Training interfaces. The root cause is that unvalidated user input is passed to Hugging Face model-loading functions with trust_remote_code enabled. The CVSS 3.1 score is 9.8, indicating critical severity. Recommended mitigations include updating LLaMA-Factory and restricting WebUI access. Public reports confirm the issue is remotely exploitable, raising concerns about widespread impact. No configuration option exists to disable the unsafe behavior, which increases exposure.

Key Points:
• CVE-2026-58116 allows RCE via malicious model paths in LLaMA-Factory WebUI.
• The vulnerability affects all versions up to 0.9.5 and has a CVSS score of 9.8.
• Mitigation includes updating the software and restricting access to the WebUI.

ThreatCluster AI
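
A pre-load gate for the model path field, added here as an illustration (it is not LLaMA-Factory's code or its fix). It rejects local paths outside an approved root, local models whose config declares auto_map (the config key Transformers uses to locate repository-supplied Python classes, which are imported when trust_remote_code is enabled), and hub repositories not on an allowlist. ALLOWED_REPOS, models_root, the function names and the sample directories are assumptions constructed for the example.

```python
import json
import tempfile
from pathlib import Path

# Assumed operator policy: hypothetical repo id, not a LLaMA-Factory setting.
ALLOWED_REPOS = {"example-org/approved-model"}
CONFIG_FILES = ("config.json", "tokenizer_config.json")

def custom_code_refs(model_dir: Path) -> list[str]:
    """List auto_map declarations: the code trust_remote_code=True would import."""
    refs = []
    for name in CONFIG_FILES:
        if (model_dir / name).is_file():
            auto_map = json.loads((model_dir / name).read_text()).get("auto_map")
            if auto_map:
                refs.append(f"{name}: {auto_map}")
    return refs

def check_model_path(user_value: str, models_root: Path) -> tuple[bool, str]:
    """Decide whether a WebUI-supplied model path may reach the model loader."""
    root = models_root.resolve()
    candidate = (root / user_value).resolve()  # absolute or ../ input lands outside root
    if candidate.is_dir():
        if not candidate.is_relative_to(root):
            return False, "local path is outside the approved models root"
        try:
            refs = custom_code_refs(candidate)
        except (ValueError, AttributeError):  # invalid JSON or non-object config
            return False, "config file could not be parsed"
        if refs:
            return False, "ships custom code: " + "; ".join(refs)
        return True, "local model without custom code"
    if user_value in ALLOWED_REPOS:
        return True, "allowlisted hub repository"
    return False, "not an approved local model or allowlisted repository"

def build_sample(root: Path) -> None:
    """Write two constructed model directories; "custom" declares an auto_map."""
    samples = {"plain": {"model_type": "llama"},
               "custom": {"auto_map": {"AutoModelForCausalLM": "modeling_x.XModel"}}}
    for name, cfg in samples.items():
        (root / name).mkdir()
        (root / name / "config.json").write_text(json.dumps(cfg))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for value in ("plain", "custom", "example-org/approved-model", "someone/unknown", ".."):
            print(value, "->", check_model_path(value, Path(tmp)))
```

The check only helps when it runs before the value reaches the loader, for example in a proxy or wrapper in front of the WebUI. Hub repositories are gated by allowlist alone because their contents are not inspected here.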

Timeline

2026-06-30: CVE-2026-58116 published (Mallory.Ai)
A critical RCE vulnerability in LLaMA-Factory was disclosed, allowing remote code execution via unvalidated model paths.

2026-06-30: CVE-2026-58116 reported (cvefeed.io)
The vulnerability was confirmed to be remotely exploitable, affecting LLaMA-Factory versions up to 0.9.5.

2026-06-30: Hugging Face vulnerability mentioned (nvd.nist.gov)
Related vulnerabilities in the Hugging Face library were noted, highlighting risks associated with model loading.
