PT-2026-40060 · Pypi · Pytorch-Lightning

Published

2026-05-12

·

Updated

2026-05-12

·

CVE-2026-31221

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PyTorch-Lightning versions 2.6.0 and earlier

Description

An insecure deserialization issue exists in the checkpoint loading mechanism. The load_from_checkpoint() function in LightningModule internally calls torch.load() without the weights_only=True parameter. This allows arbitrary Python objects to be deserialized via Python's pickle module, which reconstructs objects from a byte stream. A remote attacker can provide a maliciously crafted checkpoint file to achieve arbitrary code execution on the system when the file is loaded.

Recommendations

Update PyTorch-Lightning to a version later than 2.6.0. As a temporary workaround, avoid loading checkpoint files from untrusted sources with the load_from_checkpoint() function.
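The description above hinges on how pickle works: the stream can name any importable module-level object (GLOBAL and STACK_GLOBAL opcodes), and the stock Unpickler will import and, via REDUCE, call it. The following is an added example for this advisory, not code from PyTorch-Lightning or PyTorch: a pre-load triage scanner that parses a checkpoint's pickle opcodes with the standard-library pickletools module, which never executes anything, and lists every global the file would import, flagging those outside an allowlist. It assumes (not stated in the advisory) that torch.save() writes a zip archive containing `<archive>/data.pkl`, and its allowlist is an illustrative subset of what a tensor-only state_dict needs, not torch's own weights_only allowlist. The helper make_zip_checkpoint() and the sample checkpoints in demo() are constructed here for the demonstration.

```python
"""Added example: list and allowlist-check the pickle globals in a checkpoint
without unpickling it. Not PyTorch-Lightning or PyTorch code.

Assumptions: torch.save() zip layout '<archive>/data.pkl'; SAFE_GLOBALS is an
illustrative subset, not torch's weights_only allowlist.
"""
import io
import json
import pickle
import pickletools
import zipfile
from collections import OrderedDict
from typing import Optional

# Illustrative (module, name) allowlist for a plain tensor state_dict.
SAFE_GLOBALS = frozenset({
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch._utils", "_rebuild_parameter"),
    ("torch", "FloatStorage"),
    ("torch", "HalfStorage"),
    ("torch", "LongStorage"),
})
_GET_OPS = {"GET", "BINGET", "LONG_BINGET"}
_PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}


def pickle_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the stream would import; nothing is executed.

    Protocols 0-3 use GLOBAL/INST with 'module name' as one argument.
    Protocol 4+ uses STACK_GLOBAL, which pops the module and name strings
    pushed just before it; those may arrive through a memo GET, so string
    values stored in the memo are tracked.
    """
    found: list[tuple[str, str]] = []
    recent: list[str] = []                 # string constants pushed so far
    memo: dict[int, Optional[str]] = {}    # memo slot -> string, if a string
    last: Optional[str] = None             # string pushed by previous opcode
    for op, arg, _pos in pickletools.genops(data):
        pushed: Optional[str] = None
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent) < 2:
                raise ValueError("malformed pickle: STACK_GLOBAL without module/name")
            found.append((recent[-2], recent[-1]))
        elif op.name in _GET_OPS:
            pushed = memo.get(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in _PUT_OPS:
            memo[arg] = last
        elif isinstance(arg, str) and op.name.endswith(("UNICODE", "STRING")):
            pushed = arg
        if pushed is not None:
            recent.append(pushed)
        last = pushed
    return found


def checkpoint_globals(data: bytes) -> list[tuple[str, str]]:
    """Scan every *.pkl member of a zip checkpoint (assumed torch.save() layout),
    or treat the bytes as a single pickle stream."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        found: list[tuple[str, str]] = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.filename.endswith(".pkl"):
                    found.extend(pickle_globals(zf.read(info)))
        return found
    return pickle_globals(data)


def suspicious_globals(data: bytes, allowlist=SAFE_GLOBALS) -> list[tuple[str, str]]:
    """Globals the checkpoint would import that are not on the allowlist."""
    return sorted(set(checkpoint_globals(data)) - set(allowlist))


def make_zip_checkpoint(obj) -> bytes:
    """Constructed stand-in for torch.save(): pickle obj as 'archive/data.pkl'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle.dumps(obj, protocol=4))
    return buf.getvalue()


def demo() -> dict[str, list[tuple[str, str]]]:
    """Constructed samples: a plain state_dict (nothing flagged) and a pickle
    that references a callable; json.dumps stands in for any callable a
    stream could name. The scan reports it without calling it."""
    clean = make_zip_checkpoint(OrderedDict(weight=[0.1, 0.2]))
    with_callable = make_zip_checkpoint(json.dumps)
    return {"clean": suspicious_globals(clean),
            "with_callable": suspicious_globals(with_callable)}


if __name__ == "__main__":
    for label, flagged in demo().items():
        print(f"{label}: {flagged if flagged else 'no unexpected globals'}")
```

For a file on disk, pass `open(path, "rb").read()` to suspicious_globals(); an empty result means only allowlisted globals are referenced. This is a triage step, not the fix: the fix is loading with torch.load(..., weights_only=True) (or upgrading past the affected version), which refuses non-allowlisted globals itself rather than relying on a scan the loader does not see.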

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2026-31221
GHSA-75M9-98V2-HJPM

Affected Products

Pytorch-Lightning