Huggingface Smolagents — known CVE vulnerabilities
Every CVE whose affected-product data names Huggingface Smolagents, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2025-5120 — CVSS 10.0 (critical): A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted…
CVE-2026-2654 — CVSS 6.3 (medium): A weakness has been identified in huggingface smolagents 1.24.0. Impacted is the function requests.get/requests.post of the component…
CVE-2026-4963 — CVSS 6.3 (medium): A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_wi…
CVE-2025-11844 — CVSS 5.4 (medium): Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in…