VDB
CVE-2026-26940
CVE-2026-26940
PUBLISHED
CVSS 6.5 MEDIUM
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
EPSS 0.08% · 22.7th percentile
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.08%
22.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| elastic | kibana | 8.0.0, 9.0.0, 9.0.0 |
| pytorch | pytorch | < 2.6.0 |
| Elastic | Kibana | 8.0.0, 9.0.0, 9.3.0 |
Exploit Intelligence
- arturo-b-cmu/cve-2016-20012 (github-poc)
- arturo-b-cmu/cve-2016-20012 (github-poc)
- arturo-b-cmu/cve-2016-20012 (github-poc)
- arturo-b-cmu/cve-2016-20012 (github-poc)
- validation de l'exploitabilité d'une CVE (github-poc)
- validation de l'exploitabilité d'une CVE (github-poc)
- validation de l'exploitabilité d'une CVE (github-poc)
- validation de l'exploitabilité d'une CVE (github-poc)
- Spring Web 5.x with `org.springframework.remoting` package removed, to fix CVE-2016-1000027. (github-poc)
- Spring Web 5.x with `org.springframework.remoting` package removed, to fix CVE-2016-1000027. (github-poc)
…and 262 more exploits
Timeline
- Jun 9, 2023 PoC Published
- Jul 15, 2023 PoC Published
- Nov 4, 2023 PoC Published
- Dec 8, 2023 PoC Published
- Mar 1, 2024 PoC Published
- Apr 5, 2024 PoC Published
- Jul 17, 2024 PoC Published
- Apr 18, 2025 PoC Published
- Apr 21, 2025 PoC Published
- Apr 21, 2025 PoC Published
- Apr 21, 2025 PoC Published
- Apr 21, 2025 PoC Published
References
- https://discuss.elastic.co/t/kibana-8-19-13-9-2-7-9-3-2-security-update-esa-2026-20/385535 url
- https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-security-update-esa-2026-18/385534 advisory
- https://discuss.elastic.co/t/logstash-8-19-10-9-1-10-9-2-4-security-update-esa-2026-06/385531 advisory
- https://discuss.elastic.co/t/packetbeat-8-19-11-9-2-5-security-update-esa-2026-11/385533 advisory
- https://discuss.elastic.co/t/metricbeat-8-19-13-9-2-5-security-update-esa-2026-09/385532 advisory
- https://discuss.elastic.co/t/kibana-8-19-12-9-2-6-9-3-1-security-update-esa-2026-19/385530 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-26940 advisory
- https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6 url
- https://lists.debian.org/debian-lts-announce/2025/12/msg00000.html url