Trust No Model: CVE-2026-58116 — Remote Code Execution in LLaMA-Factory's WebUI via a Hardcoded `trust_remote_code`
On June 30, 2026, NIST’s National Vulnerability Database published CVE-2026-58116, a critical remote code execution vulnerability in LLaMA-Factory, the open-source LLM fine-tuning framework that has quietly become a piece of critical infrastructure for the AI industry. Wit…