Python CVE-2026-24747
HIGH
GHSA-63cw-57p8-fm3p
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionNVD
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's weights_only unpickler allows an attacker to craft a malicious checkpoint file (.pth) that, when loaded with torch.load(..., weights_only=True), can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
AnalysisAI
PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running PyTorch, isolate affected systems from production networks if possible, and establish monitoring for exploitation attempts. Within 7 days: Implement network segmentation to restrict PyTorch application access, disable PyTorch services where not business-critical, and apply input validation/sanitization controls. …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today