CVE-2026-24747

NameCVE-2026-24747
DescriptionPyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pytorch (PTS)bullseye1.7.1-7vulnerable
bullseye (security)1.7.1-7+deb11u1vulnerable
bookworm1.13.1+dfsg-4vulnerable
trixie2.6.0+dfsg-7vulnerable
forky, sid2.6.0+dfsg-9vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pytorchsource(unstable)(unfixed)

Notes

https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p
https://github.com/pytorch/pytorch/issues/163105
Fixed by: https://github.com/pytorch/pytorch/commit/167ad09be5af5c52666759412a3804068c6955d1
Search for package or bug name: Reporting problems