CVE-2026-24747Code Injection in Pytorch

CWE-94Code InjectionCWE-502Deserialization of Untrusted Data7 documents6 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 84.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PytorchLinuxfoundation PytorchDebian Pytorch
Timeline
PublishedJan 27

Description

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5pytorch/pytorch< 2.10.0

🔴Vulnerability Details

3
OSV
PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files2026-01-27
OSV
CVE-2026-24747: PyTorch is a Python package that provides tensor computation2026-01-27
GHSA
PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files2026-01-27

📋Vendor Advisories

2
Red Hat
pytorch: PyTorch: Arbitrary code execution via malicious checkpoint file loading2026-01-27
Debian
CVE-2026-24747: pytorch - PyTorch is a Python package that provides tensor computation. Prior to version 2...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-24747 Impact, Exploitability, and Mitigation Steps | Wiz