CVE-2026-5241 — A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model repository to execute arbitrary code during model initialization. The — CVE Database · The Intelligence Room