๐Ÿ” CVE Alert

CVE-2026-54499

HIGH 7.5

Stanza: Remote Code Execution via Unsafe Pickle Deserialization in Model Loaders

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load() attempt torch.load(..., weights_only=True) but fall back to torch.load(..., weights_only=False) on attacker-controllable pickle.UnpicklingError, allowing a malicious .pt pretrain or model file to execute arbitrary pickle code when a Stanza NLP pipeline loads it. This issue is fixed in version 1.12.2.

CWE CWE-502 CWE-676
Vendor stanfordnlp
Product stanza
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for stanfordnlp stanza

Be the first to know when new high vulnerabilities affecting stanfordnlp stanza are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

stanfordnlp / stanza
< 1.12.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/stanfordnlp/stanza/security/advisories/GHSA-v5jw-96jm-7h2c github.com: https://github.com/stanfordnlp/stanza/pull/1587 github.com: https://github.com/stanfordnlp/stanza/commit/b745008c68c9e50ccb5acd537cb6f2453f8b7ad4 github.com: https://github.com/stanfordnlp/stanza/releases/tag/v1.12.2