Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-6859
PUBLISHED
More InfoOfficial Page
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
View Known Exploited Vulnerability (KEV) details
Published At-22 Apr, 2026 | 13:04
Updated At-04 May, 2026 | 06:05
Rejected At-
▼CVE Numbering Authority (CNA)
Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true`

A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-aws-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-azure-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-azure-rocm-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
unaffected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-gcp-cuda-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AI (RHEL AI) 3
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
rhelai3/bootc-rocm-rhel9
CPEs
  • cpe:/a:redhat:enterprise_linux_ai:3
Default Status
unaffected
Problem Types
TypeCWE IDDescription
CWECWE-829Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-829
Description: Inclusion of Functionality from Untrusted Control Sphere
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

To mitigate this issue, only use models from trusted sources when performing `instructlab` operations. Review the origin and integrity of any HuggingFace model before using it with `ilab train/download/generate`. Consider running `instructlab` commands within a sandboxed or isolated environment to limit the potential impact of executing untrusted code.

Exploits
Credits
Red Hat would like to thank Martin Brodeur (independent security researcher) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-04-15 00:00:00
Made public.2026-04-15 00:00:00
Event: Reported to Red Hat.
Date: 2026-04-15 00:00:00
Event: Made public.
Date: 2026-04-15 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-6859
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2459998
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-6859
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2459998
Resource:
issue-tracking
x_refsource_REDHAT
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found