PyTorch Lightning CVE-2026-31221

EUVD-2026-29505 | HIGH
Deserialization of Untrusted Data (CWE-502)
2026-05-12 | mitre | GHSA-75m9-98v2-hjpm
CVSS 3.1: 7.8

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline

  • Analysis Generated: May 14, 2026 - 21:16 (vuln.today)
  • CVSS changed: May 14, 2026 - 19:07 (NVD), 7.8 (HIGH)
  • CVE Published: May 12, 2026 - 00:00 (nvd), HIGH 7.8
  • CVE Published: May 12, 2026 - 00:00 (nvd), UNKNOWN (no severity yet)

Blast Radius

ecosystem impact
  • 4 pypi packages depend on pytorch-lightning (3 direct, 1 indirect)

Ecosystem-wide dependent count for version 2.6.0.

Description (NVD)

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() method, which is commonly used to load saved model states, internally calls torch.load() without setting the security-restrictive weights_only=True parameter. This default behavior allows the deserialization of arbitrary Python objects via the Pickle module. A remote attacker can exploit this by providing a maliciously crafted checkpoint file, leading to arbitrary code execution on the victim's system when the file is loaded.

Analysis (AI)

Arbitrary code execution occurs in PyTorch Lightning 2.6.0 and earlier when loading malicious checkpoint files. The LightningModule.load_from_checkpoint() method deserializes untrusted Pickle data without security restrictions, allowing attackers to execute arbitrary Python code when victims open crafted .ckpt files. …


Remediation (AI)

Within 24 hours: Identify all PyTorch Lightning installations (versions ≤2.6.0) across data science, ML ops, and research environments using software inventory tools; restrict access to checkpoint files from untrusted sources and implement file scanning policies. Within 7 days: Establish a policy requiring security review before loading checkpoints from external sources, and document approved checkpoint sources; monitor for vendor patch releases. …
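
One way to apply the file-scanning step above, as an added example that is not from the advisory or the PyTorch Lightning project: list the imports a zip-format checkpoint's pickle stream requests, without deserializing it. The allowlist, the function names and the two sample archives are assumptions constructed for illustration.

```python
import collections, io, pickle, pickletools, zipfile

# Assumption: a minimal allowlist for a plain state_dict; extend it for your models.
ALLOWED = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}
NO_STACK_EFFECT = {"PROTO", "FRAME", "MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}

def pickle_globals(data):
    """List the (module, name) imports a pickle stream requests, without running it."""
    found, recent = [], [None, None]  # last two pushed values; None if not a literal str
    for op, arg, _pos in pickletools.genops(data):
        if op.name in NO_STACK_EFFECT:
            continue
        if op.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Operands come from the stack; "?" marks one not resolvable statically.
            found.append((recent[0] or "?", recent[1] or "?"))
        recent = [recent[1], arg if "UNICODE" in op.name else None]
    return found

def scan_checkpoint(blob):
    """Return imports outside ALLOWED found in the .pkl members of a zip-format checkpoint."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        raise ValueError("not a zip-format checkpoint; legacy files need separate handling")
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return sorted({g for s in streams for g in pickle_globals(s)} - ALLOWED)

def constructed_ckpt(obj):
    """Build a constructed sample archive shaped like a checkpoint (no torch needed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj))
    return buf.getvalue()

CLEAN = constructed_ckpt({"state_dict": collections.OrderedDict(w=[0.1, 0.2])})
# Benign stand-in for an unexpected import: a reference to the builtin len().
FLAGGED = constructed_ckpt({"state_dict": {}, "hook": len})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(label, scan_checkpoint(blob))
```

Any non-empty result, including a "?" entry, means the file asks for imports beyond the allowlist and should go to review rather than to load_from_checkpoint().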

