
AIKIDO-2026-10911

huggingface-hub is vulnerable to Information Disclosure

Information Disclosure Pre-CVE
Found by Aikido Intel before public disclosure or CVE publication.
Published 3 days ago

68

Medium Risk

This Affects:

Python: huggingface-hub
0.10.0 - 1.15.0
Fixed in 1.16.0

TL;DR

The huggingface_hub client writes Hugging Face API tokens to HF_TOKEN_PATH and multi-account tokens to HF_STORED_TOKENS_PATH under the user's cache directory. Before the fix, those files were created with default POSIX modes, often leaving token files world-readable on typical systems. A local user or process with filesystem access to the victim's home directory could read the tokens and authenticate to the Hub as that user. The fix writes secrets through _write_secret, creating parent directories at 0o700 and files at 0o600, and tightens permissions on existing paths on the next save.
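The hardening described above, as an added example rather than huggingface_hub's own `_write_secret`: `write_secret` creates the parent directory at 0o700 and the file at 0o600 and tightens an existing path on re-save, while `is_exposed` is a defender-side check for token files that other local users can still read. The file name and the demo scenario are constructed.

```python
import os
import stat
import tempfile
from pathlib import Path


def write_secret(path, secret: str) -> None:
    """Write a secret so that only the owner can read it (hypothetical helper,
    modelled on the fix the advisory describes)."""
    path = Path(path)
    path.parent.mkdir(parents=True, exist_ok=True)
    os.chmod(path.parent, 0o700)  # tighten the directory even if it already existed
    # The mode passed to os.open only applies on creation and is masked by the
    # umask, so chmod explicitly afterwards; O_TRUNC drops any old contents.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, secret.encode("utf-8"))
    finally:
        os.close(fd)
    os.chmod(path, 0o600)  # tighten a pre-existing, possibly world-readable file


def is_exposed(path) -> bool:
    """True if the file or its parent directory grants group/other any access bits."""
    path = Path(path)
    file_mode = stat.S_IMODE(path.stat().st_mode)
    dir_mode = stat.S_IMODE(path.parent.stat().st_mode)
    return bool(file_mode & 0o077) or bool(dir_mode & 0o077)


def demo() -> tuple:
    """Constructed scenario: a token file left at 0o644 inside a 0o755 directory
    (the pre-fix situation), then rewritten with write_secret.
    Returns (exposed_before, exposed_after, final_file_mode)."""
    root = Path(tempfile.mkdtemp())
    token_path = root / "token"  # constructed name, not a real token path
    os.chmod(root, 0o755)
    token_path.write_text("hf_constructed_sample_token")  # constructed sample value
    os.chmod(token_path, 0o644)
    before = is_exposed(token_path)
    write_secret(token_path, "hf_constructed_sample_token")
    after = is_exposed(token_path)
    return before, after, stat.S_IMODE(token_path.stat().st_mode)


if __name__ == "__main__":
    print(demo())  # (True, False, 384) where 384 == 0o600
```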

Who does this affect?

You are affected if you use a version of huggingface-hub in the vulnerable range, 0.10.0 through 1.15.0, on a system where the client has saved a token to the local cache.

Background info

huggingface-hub is vulnerable to Information Disclosure in versions 0.10.0 - 1.15.0.

How to fix this

Upgrade huggingface-hub to 1.16.0 or later, the release that contains the fix. Because the fix tightens permissions on existing token files only on the next save, re-save your token after upgrading (or correct the file and directory modes by hand) so that previously written files are no longer readable by other local users.