Description
A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate patch
AI Analysis

Impact

The flaw lies in several evaluation functions within the local_python_executor.py module of Huggingface's Smolagents package, specifically evaluate_augassign, evaluate_call, and evaluate_with. An attacker who can supply crafted input to these functions can trigger arbitrary code execution. The exposure stems from an incomplete remediation of the prior CWE-74 vulnerability CVE-2025-9959, which left a code injection path open. The vulnerability is classified as CWE-94: Uncontrolled Modification of Control Flow.

Affected Systems

Only the Huggingface Smolagents component is affected, specifically version 1.25.0.dev0. No other versions or products are indicated as impacted in the provided data.

Risk and Exploitability

The vulnerability scores CVSS 5.3, indicating moderate severity; no EPSS score is available, and it is not listed in CISA's KEV catalog. Based on the description, the attack vector is inferred to be remote, most likely through publicly exposed API calls to the Smolagents service. An attacker who can trigger the vulnerable functions can execute arbitrary code, potentially compromising the confidentiality, integrity, and availability of the host system.

Generated by OpenCVE AI on March 28, 2026 at 06:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Huggingface Smolagents to a patched release as soon as it becomes available.
  • If an upgrade cannot be performed immediately, limit access to the Smolagents API to trusted users only and enforce network-level controls.
  • Sanitize all input strings that are passed to the evaluate_augassign, evaluate_call, and evaluate_with functions, ensuring they do not contain malicious code.
  • Enable logging for the local_python_executor module and monitor for suspicious execution patterns.
  • Maintain up‑to‑date dependency lists and apply vendor patches promptly.



Advisories

No advisories yet.

History

Thu, 30 Apr 2026 19:15:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:huggingface:smolagents:1.25.0:dev0:*:*:*:*:*:*

Tue, 31 Mar 2026 14:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 28 Mar 2026 03:15:00 +0000

Type: Description
Values Removed: A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Values Added: A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Fri, 27 Mar 2026 17:15:00 +0000

Type: Description
Values Added: A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Type: Title
Values Added: huggingface smolagents Incomplete Fix CVE-2025-9959 local_python_executor.py evaluate_with code injection

Type: First Time appeared
Values Added: Huggingface; Huggingface smolagents

Type: Weaknesses
Values Added: CWE-74; CWE-94

Type: CPEs
Values Added: cpe:2.3:a:huggingface:smolagents:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Huggingface; Huggingface smolagents

Type: References

Type: Metrics
Values Added:
cvssV2_0
{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0
{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1
{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0
{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-31T13:32:41.488Z

Reserved: 2026-03-27T08:17:46.710Z

Link: CVE-2026-4963

Vulnrichment

Updated: 2026-03-31T13:32:35.690Z

NVD

Status : Analyzed

Published: 2026-03-27T17:16:31.537

Modified: 2026-04-30T19:05:47.260

Link: CVE-2026-4963

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:01:06Z

Weaknesses