QwikSec

Security Database

CVE

CWE

Training

CVE-2026-24747

Published: Jan 27, 2026

Modified: Feb 26, 2026

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

Vendor	Product	Versions
pytorch	pytorch	affected `< 2.10.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p

x_refsource_CONFIRM

https://github.com/pytorch/pytorch/issues/163105

x_refsource_MISC

https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139

x_refsource_MISC

https://github.com/pytorch/pytorch/releases/tag/v2.10.0

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.