Lucene search
+L

110 matches found

RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-58659

A flaw was found in PyTorch Lightning. This vulnerability allows attackers to achieve remote code execution by crafting malicious checkpoint files. These files exploit a weakness in the loadstate function, which imports and executes attacker-controlled module names from checkpoint instantiator...

8.4CVSS6.4AI score0.00235EPSS
Exploits0References7
NVD
NVD
added 3 days ago5 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS0.00235EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44751

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-58659

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References5
CVE
CVE
added 3 days ago8 views

CVE-2026-58659

Summary: CVE-2026-58659 affects PyTorch Lightning up to version 2.6.5. The vulnerability lies in the _load_state function, which can import and execute attacker-controlled module names from the checkpoint _instantiator hyperparameters, enabling remote code execution when LightningModule.load_from...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References4
OSV
OSV
added 3 days ago4 views

CVE-2026-58659 PyTorch Lightning Arbitrary Code Execution via _instantiator Hyperparameter

PyTorch Lightning through 2.6.5, fixed in commit d710d68, contains a remote code execution vulnerability in the loadstate function that imports and executes attacker-controlled module names from checkpoint instantiator hyperparameters. Attackers can craft malicious checkpoint files that bypass...

8.4CVSS6.6AI score0.00235EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-508 Compromise of PyTorch Lightning PyPi Package Versions

Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions Published: 2026-04-30 Last Updated: 2026-05-12 Github Advisory: CVE-2026-44484 We have identified a security incident affecting certain versions of one of our PyPI packages. What happened We have determined that one or more...

9.8CVSS5.9AI score0.00392EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-386 pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint

A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz files. When the LightningApp is running with the pluginserver, attackers can deploy malicious tar.gz plugins that embed arbitrary files with path...

9.1CVSS7.7AI score0.01307EPSS
Exploits1References8
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-385 Remote code execution in pytorch lightning

A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...

9.8CVSS8AI score0.26488EPSS
Exploits3References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-31221

PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The LightningModule.loadfromcheckpoint method, which is commonly used to load saved model states, internally calls torch.load without setting the...

8.8CVSS6.2AI score0.00385EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/15 6:8 a.m.27 views

CVE-2026-44484

A flaw was found in PyTorch Lightning. This deep learning framework introduced functionality that could be leveraged as a credential harvesting mechanism. A remote attacker could exploit this to obtain sensitive user credentials, leading to significant information disclosure and potential further...

9.8CVSS5.7AI score0.00392EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 3:16 p.m.75 views

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.8CVSS0.00392EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 2:59 p.m.42 views

EUVD-2026-30303

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:59 p.m.9 views

CVE-2026-44484

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00392EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 2:59 p.m.8 views

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS5.8AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 2:59 p.m.40 views

CVE-2026-44484

PyTorch Lightning PyPI package versions 2.6.2 and 2.6.3 have been compromised, introducing functionality consistent with a credential harvesting mechanism. This is reflected across CVE-2026-44484 and associated advisories (GHSA-w37p-236h-pfx3; OSV). The root cause is under investigation; affected...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/14 2:59 p.m.94 views

CVE-2026-44484 Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism...

9.3CVSS0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

PyTorch Lightning 安全漏洞

PyTorch Lightning is an open-source deep learning model pre-training and fine-tuning framework developed by Lightning AI. Version 2.6.2 and 2.6.2 of PyTorch Lightning contain security vulnerabilities, which stem from the introduction of features similar to those used in credential collection...

9.8CVSS5.8AI score0.00392EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-31221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deserialization vulnerability CWE-502 in the checkpoint loading mechanism. The...

8.8CVSS6.3AI score0.00385EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/05/12 6:30 p.m.11 views

ablation (=0.1.0), ace-step (=0.1.0) +579 more potentially affected by CVE-2026-31221 via pytorch-lightning (>=0.10.0 <=2.6.0)

pytorch-lightning PYPI version =0.10.0, =1.0.1, =2.1.16, =1.3.0, =0.8.1, =1.8.15, =1.8.17, =1.8.14, =1.0.0, =0.9.2, =0.1.16, =1.0.1rc1 and more Source cves: CVE-2026-31221 Source advisory: OSV:GHSA-75M9-98V2-HJPM...

8.8CVSS5.7AI score0.00385EPSS
Exploits1
Rows per page
Query Builder