{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4963", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T08:17:46.710Z", "datePublished": "2026-03-27T17:05:20.096Z", "dateUpdated": "2026-03-27T17:05:20.096Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T17:05:20.096Z"}, "title": "huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "huggingface", "product": "smolagents", "versions": [{"version": "1.25.0.dev0", "status": "affected"}], "cpes": ["cpe:2.3:a:huggingface:smolagents:*:*:*:*:*:*:*:*"], "modules": ["Incomplete Fix CVE-2025-9959"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. If you want to get best quality of vulnerability data, you may have to visit VulDB."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T09:23:31.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-z (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.353840", "name": "VDB-353840 | huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353840", "name": "VDB-353840 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777623", "name": "Submit #777623 | HuggingFace smolagents 1.25.0.dev0 CWE-693", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.777643", "name": "Submit #777643 | HuggingFace smolagents 1.25.0.dev0 CWE-693 (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.777644", "name": "Submit #777644 | HuggingFace smolagents 1.25.0.dev0 CWE-693 (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/7146f45960f79bc1e2976fed526e0a9b", "tags": ["related"]}, {"url": "https://gist.github.com/YLChen-007/35b7d46e892266a0ed6dbe57802858be", "tags": ["exploit"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. If you want to get best quality of vulnerability data, you may have to visit VulDB."}], "id": "CVE-2026-4963", "lastModified": "2026-03-27T17:16:31.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-27T17:16:31.537", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/YLChen-007/35b7d46e892266a0ed6dbe57802858be"}, {"source": "cna@vuldb.com", "url": "https://gist.github.com/YLChen-007/7146f45960f79bc1e2976fed526e0a9b"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353840"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353840"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.777623"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.777643"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.777644"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T18:20:48.915448+00:00", "value": {"mitigation_remediation": ["Upgrade smolagents to the latest released version that addresses the CVE-2025-9959 fix.", "If an update is not immediately possible, limit external exposure of the smolagents service or disable the vulnerable evaluate_* functions until a patch is applied.", "Monitor logs for unexpected or suspicious code execution attempts that may indicate exploitation attempts."], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "huggingface smolagents version 1.25.0.dev0 is affected. The vulnerability is specific to the evaluate_* functions within the local_python_executor module. No other versions or components are listed as impacted.", "description_and_impact": "The vulnerability originates from the evaluate_augassign, evaluate_call, and evaluate_with functions in the local_python_executor module of huggingface smolagents. It allows an attacker to inject arbitrary code via misuse of the evaluation mechanisms, leading to remote code execution. The weakness corresponds to improper input validation and code injection. The description states that the exploit has been publicly released and can be triggered remotely, indicating that any exposed instance is vulnerable.", "risk_and_exploitability": "The CVSS score of 5.3 places this issue in the moderate severity range. There is no EPSS score available and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, as the description explicitly states that the flaw can be triggered from outside the system. Because the exploit code is publicly available, the likelihood of exploitation is elevated for exposed installations, raising the overall risk to a moderate to high level."}}}}, "created": "2026-03-27T20:27:58.124032+00:00", "updated": "2026-03-27T20:27:58.124095+00:00", "vendors": []}