smolagents Python Executor Code Injection Guide 2026 (CVE-2026-4963)

smolagents Python Executor Code Injection Guide 2026 (CVE-2026-4963)

If you’re running Hugging Face’s smolagents in production with the local Python executor, stop what you’re doing and read this. CVE-2026-4963 is a code injection vulnerability in smolagents <= 1.25.0-dev.0 that lets an attacker execute arbitrary Python code on the host machine. The NVD rates it 10.0 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The exploit is public. And here’s the worst part — this is an incomplete fix for CVE-2025-9959, meaning the previous patch didn’t actually close the hole. ...

July 7, 2026 · 7 min · baeseokjae