Skip to main content

PyTorch Lightning CVE-2026-44484

| EUVDEUVD-2026-30303 CRITICAL
Embedded Malicious Code (CWE-506)
2026-05-07 https://github.com/Lightning-AI/pytorch-lightning GHSA-w37p-236h-pfx3
9.3
CVSS 4.0 · Vendor: https://github.com/Lightning-AI/pytorch-lightning
Share

Severity by source

Vendor (https://github.com/Lightning-AI/pytorch-lightning) PRIMARY
9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Red Hat
9.8 HIGH
qualitative

Primary rating from Vendor (https://github.com/Lightning-AI/pytorch-lightning).

CVSS VectorVendor: https://github.com/Lightning-AI/pytorch-lightning

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
May 14, 2026 - 15:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
May 14, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
May 14, 2026 - 15:22 NVD
9.3 (CRITICAL)
Source Code Evidence Fetched
May 07, 2026 - 01:15 vuln.today
Analysis Generated
May 07, 2026 - 01:15 vuln.today
CVE Published
May 07, 2026 - 00:52 nvd
CRITICAL

DescriptionCVE.org

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions

Published: 2026-04-30 Last Updated: 2026-04-30

Lightning AI has identified a security incident affecting certain versions of a PyPI package.

What happened

Lightning AI has determined that one or more released versions of this package have been compromised and include malicious code.

The current investigation indicates that the affected versions have introduced functionality consistent with a credential harvesting mechanism. There is a continuing analysis the scope and behaviour of the code.

At this stage, the root cause of the compromise is still under investigation.

What versions are affected

Lightning AI is currently working to confirm the exact set of impacted versions.

The following versions are determined as affected, and developers should delete them from their systems:

  • 2.6.2
  • 2.6.3

Lightning AI will update this advisory if the versions impacted by this vulnerability change.

What you should do immediately

If developers have installed or are running any potentially affected versions on their application:

  • Assume the environment may be compromised
  • Immediately rotate all credentials and secrets that may have been exposed, including:
  • API keys
  • Access tokens
  • SSH keys
  • Service account credentials
  • Rebuild affected systems from a known clean state
  • Pin PyTorch Lightning to version 2.6.1
  • Review logs for any suspicious or unauthorised activity

Actions Lightning AI has taken

  • Quarantined malicious versions from PyPI
  • Recommended using version 2.6.1: https://github.com/Lightning-AI/pytorch-lightning/releases/tag/2.6.1
  • Revoked and rotated all internal credentials associated with our release process
  • Initiated a full investigation into the compromise

Ongoing investigation

Lightning AI is actively working to:

  • Identify the exact mechanism of compromise
  • Confirm the full set of affected versions
  • Determine the behaviour and impact of the malicious code
  • Assess any downstream impact to users

Lightning AI will provide updates as soon as more information becomes available.

Commitment to transparency

Lightning AI takes the security of users and the integrity of the software supply chain extremely seriously.

Lightning AI will continue to share timely and accurate updates as the investigation progresses.

Contact

If there are any questions or if there are concerns that a consuming project may be impacted, please send an email to:

security@lightning.ai

AnalysisAI

Supply chain compromise in PyTorch Lightning versions 2.6.2 and 2.6.3 delivers credential-harvesting malware through the official PyPI distribution channel. Lightning AI confirmed malicious code was injected into these specific releases, targeting API keys, access tokens, SSH keys, and service account credentials. The compromised versions were quarantined from PyPI and users are directed to downgrade to known-clean version 2.6.1. The CVSS 9.3 score reflects network-accessible exploitation requiring no authentication or user interaction, though exploitation is limited to systems that specifically installed the two poisoned versions.

Technical ContextAI

This is a software supply chain attack (CWE-506: Embedded Malicious Code) targeting the Python Package Index (PyPI) distribution mechanism for pytorch-lightning. The malicious code was inserted directly into official package releases 2.6.2 and 2.6.3, making this a compromise of the software build/release pipeline rather than a traditional code vulnerability. The credential harvesting mechanism embedded in these versions operates at the Python package level, executing during installation or import of the compromised library. This attack vector exploits the trust relationship between developers and the PyPI ecosystem, similar to previous supply chain incidents affecting other Python packages. The CPE identifier pkg:pip/pytorch-lightning confirms the Python pip package manager distribution channel was the attack vector.

RemediationAI

Immediately audit all systems for pytorch-lightning installations using 'pip list | grep pytorch-lightning' or equivalent package manager commands. If versions 2.6.2 or 2.6.3 are detected, treat the entire environment as compromised: rotate ALL credentials potentially accessible to the runtime environment including API keys, access tokens, SSH keys, database passwords, cloud service credentials, and certificate private keys. Rebuild affected systems from known-clean state or at minimum uninstall the compromised package and install version 2.6.1 using 'pip install pytorch-lightning2.6.1'. Pin the version in requirements.txt or pyproject.toml to prevent automatic upgrades: 'pytorch-lightning2.6.1'. Review application logs, CloudTrail/Azure Activity logs, and authentication logs for unauthorized access patterns during the exposure window. Monitor the vendor advisory (https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3) for updates as investigation may reveal additional compromised versions or specific indicators of compromise. NO technical workaround exists for already-installed malicious code beyond complete removal and credential rotation.

Vendor StatusVendor

Share

CVE-2026-44484 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy