PT-2026-5024 · Facebook · Pytorch
Azraelxuemo · Published 2025-09-17 · Updated 2026-03-19 · CVE-2026-24747
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
PyTorch versions prior to 2.10.0
Description
PyTorch, a Python package for tensor computation, has an issue in its weights_only unpickler. An attacker can create a malicious checkpoint file (.pth) that, when loaded using torch.load(..., weights_only=True), can cause memory corruption and potentially lead to arbitrary code execution. The vulnerability stems from improper validation of pickle opcodes and storage metadata within the weights_only=True unpickler, specifically related to heap memory corruption via SETITEM/SETITEMS opcodes applied to non-dictionary types and storage size mismatches. The vulnerability is fully weaponized and can lead to remote code execution on any service that supports uploading and running a PyTorch model, even with security hardening.
Recommendations
Versions prior to 2.10.0 should be updated to version 2.10.0 or later.
Exploit
Fix
RCE
Deserialization of Untrusted Data
Code Injection
Related Identifiers
Affected Products
Pytorch