HIGH
stanfordnlp
CVE published 2026-07-08
CVE-2026-54499
CVE-2026-54499 is a HIGH severity vulnerability in the Stanza NLP library. The issue arises from the library's model loaders, specifically in the `stanza.models.common.pretrain.Pretrain.load()` function, which attempts to load PyTorch models using `torch.load()` with `weights_only=True`. However, if an attacker-controllable `pickle.UnpicklingError` occurs, the loader falls back to `torch.load()` with `wei [truncated]