PatchSiren cyber security CVE debrief
CVE-2026-54499 stanfordnlp CVE debrief
CVE-2026-54499 is a HIGH severity vulnerability in the Stanza NLP library. The issue arises from the library's model loaders, specifically in the `stanza.models.common.pretrain.Pretrain.load()` function, which attempts to load PyTorch models using `torch.load()` with `weights_only=True`. However, if an attacker-controllable `pickle.UnpicklingError` occurs, the loader falls back to `torch.load()` with `weights_only=False`, allowing arbitrary pickle code execution when a malicious `.pt` pretrain or model file is loaded. This vulnerability is fixed in version 1.12.2.
- Vendor
- stanfordnlp
- Product
- stanza
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-10
Who should care
Users of the Stanza NLP library, particularly those who load models from untrusted sources, should be aware of this vulnerability and take steps to mitigate it. This includes ensuring that models are loaded from trusted sources and that the library is updated to version 1.12.2 or later.
Technical summary
The Stanza NLP library, prior to version 1.12.2, contains a vulnerability in its model loading functionality. Specifically, the `stanza.models.common.pretrain.Pretrain.load()` function attempts to load PyTorch models using `torch.load()` with `weights_only=True`. If a `pickle.UnpicklingError` occurs during this process, the function falls back to `torch.load()` with `weights_only=False`. This fallback behavior allows an attacker to execute arbitrary pickle code by providing a malicious `.pt` pretrain or model file. The vulnerability is addressed in version 1.12.2 of the library.
Defensive priority
High
Recommended defensive actions
- Update the Stanza NLP library to version 1.12.2 or later
- Ensure that models are loaded from trusted sources
- Implement additional security measures, such as validating model files before loading
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-08T23:16:54.690Z and was last modified on 2026-07-10T19:03:20.407Z. The NVD entry is currently Awaiting Analysis. This vulnerability affects users of the Stanza NLP library who load models from untrusted sources. Evidence is limited to public CVE and NVD information. Defenders should verify model sources and update to version 1.12.2 or later.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T23:16:54.690Z and has not been modified since then. The NVD entry is currently Awaiting Analysis.