VDB

CISA-2026-24747

CISA-2026-24747 PUBLISHED CVSS 8.8 HIGH

Reported by GitHub_M · Published January 27, 2026

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

Risk Scores

CVSS 3.1
8.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
pytorchpytorch< 2.10.0
pytorchpytorch< 2.10.0, < 2.10.0

Timeline

  • Jan 27, 2026 CVE Published
  • Jan 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›