VDB

CVE-2026-26931

CVE-2026-26931 PUBLISHED CVSS 5.699999809265137 MEDIUM

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.

EPSS 0.02% · 6.5th percentile

Risk Scores

CVSS v3.1
5.699999809265137
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.02%
6.5th percentile

Affected Products

VendorProductVersions
github.comelastic/beats/v70, 0, 0
pytorchpytorch< 2.6.0
ElasticMetricbeat8.0.0, 8.0.0, 8.0.0

Timeline

  • Jun 9, 2023 PoC Published
  • Jul 15, 2023 PoC Published
  • Nov 4, 2023 PoC Published
  • Dec 8, 2023 PoC Published
  • Mar 1, 2024 PoC Published
  • Apr 5, 2024 PoC Published
  • Jul 17, 2024 PoC Published
  • Apr 18, 2025 PoC Published
  • Apr 21, 2025 PoC Published
  • Apr 21, 2025 PoC Published
  • Apr 21, 2025 PoC Published
  • Apr 21, 2025 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›