IOC Radar
TLP:WHITE2 IOCs

Critical Hugging Face Transformers Flaw Enables Remote Code Execution

CP
Cyber Press
Published June 5, 2026Original Report

Diamond Model

Attack Flow5 steps · MITRE ATT&CK mapped

Initial AccessTA0001·T1190
1/5
Exploit Public-Facing Application
ActionUpload malicious package
An attacker uploads a malicious Python package to the Hugging Face Hub.

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise2

TypeIndicatorConfidenceScoreFirst Seen
CVECVE-2025-32434
exploitintel-blogvulnerability
Medium
51
Jun 6, 26
CVECVE-2026-4372
exploitintel-blogvulnerability
Medium
51
Jun 6, 26

IOC Relationship Graph

IOC Relationship Graph2 total IOCs
CVE
CVE2REPORTCritical Hugging Face Tran
scroll to zoom · drag to pan · click IOC to open