Lucene search
K

7 matches found

NVD
NVD
added yesterday4 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score
Exploits0References5
EUVD
EUVD
added yesterday4 views

EUVD-2026-44751

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/12 5:22 p.m.7 views

Deserialization of Untrusted Data

Overview pytorch-lightning is a lightweight PyTorch wrapper for ML researchers. Scale your models. Write less boilerplate. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the LightningModule.loadfromcheckpoint function. Any workflow that calls this functio...

9.8CVSS6.2AI score0.00385EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

Pytorch-Lightning 安全漏洞

PyTorch-Lightning is an open-source lightweight PyTorch wrapper developed by Lightning AI in the United States. It is used for high-performance AI research. Versions of PyTorch-Lightning prior to 2.6.0 contain security vulnerabilities. These vulnerabilities stem from the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 12:0 a.m.22 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability (CWE-502) in the checkpoint loading mechanism. The LightningModule.load_from_checkpoint() (and related checkpoint loading paths) call torch.load() without weights_only=True, allowing deserialization of ...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder