110 matches found
CVE-2026-58659
A flaw was found in PyTorch Lightning. This vulnerability allows attackers to achieve remote code execution by crafting malicious checkpoint files. These files exploit a weakness in the loadstate function, which imports and executes attacker-controlled module names from checkpoint instantiator...
CVE-2026-58659
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...
EUVD-2026-44751
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...
CVE-2026-58659
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...
CVE-2026-58659
Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...
CVE-2026-58659 PyTorch Lightning Arbitrary Code Execution via _instantiator Hyperparameter
PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...
PYSEC-2026-508 Compromise of PyTorch Lightning PyPi Package Versions
Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...
PYSEC-2026-386 pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...
PYSEC-2026-385 Remote code execution in pytorch lightning
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
CVE-2026-31221
PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...
CVE-2026-44484
A flaw was found in PyTorch Lightning. This deep learning framework introduced functionality that could be leveraged as a credential harvesting mechanism. A remote attacker could exploit this to obtain sensitive user credentials, leading to significant information disclosure and potential further...
CVE-2026-44484
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
EUVD-2026-30303
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
CVE-2026-44484
PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...
CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...
PyTorch Lightning 安全漏洞
PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...
Linux Distros Unpatched Vulnerability : CVE-2026-31221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The...
ablation (=0.1.0), ace-step (=0.1.0) +579 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=0.10.0 <=2.6.0)
pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 and more Source cves: CVE-2026-31221 Source advisory: OSV:GHSA-75M9-98V2-HJPM...