PatchSiren

stanfordnlp CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH stanfordnlp CVE published 2026-07-08

CVE-2026-54499

CVE-2026-54499 is a HIGH severity vulnerability in the Stanza NLP library. The issue arises from the library's model loaders, specifically in the `stanza.models.common.pretrain.Pretrain.load()` function, which attempts to load PyTorch models using `torch.load()` with `weights_only=True`. However, if an attacker-controllable `pickle.UnpicklingError` occurs, the loader falls back to `torch.load()` with `wei [truncated]