PT-2026-53580 · Pypi · Pytorch-Lightning
Published
2026-06-29
·
Updated
2026-06-29
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
In lightning-ai/pytorch-lightning version 2.3.2, a vulnerability exists in the
LightningApp when running on a Windows host. The vulnerability occurs at the /api/v1/upload file/ endpoint, allowing an attacker to write or overwrite arbitrary files by providing a crafted filename. This can lead to potential remote code execution (RCE) by overwriting critical files or placing malicious files in sensitive locations.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pytorch-Lightning