CVE-2026-54499 | stanfordnlp Stanza up to 1.12.1 Model Loader Pretrain.load deserialization
A vulnerability was found in stanfordnlp Stanza up to 1.12.1 and classified as critical. Impacted is the function Pretrain.load of the component Model Loader. The manipulation results in deserialization.
This vulnerability is reported as CVE-2026-54499. The attack can be launched remotely. No exploit exists.