Platform: python
Component: pytorch
Fixed in: 2.10.1
CVE-2026-24747 is a Remote Code Execution (RCE) vulnerability affecting PyTorch versions up to 2.10.0. An attacker can craft a malicious checkpoint file (.pth) that, when loaded using torch.load(..., weights_only=True), can corrupt memory and potentially lead to arbitrary code execution. This vulnerability is addressed in PyTorch version 2.10.0.
The impact of this vulnerability is significant. Successful exploitation allows an attacker to execute arbitrary code on the system running the PyTorch application. This could lead to complete system compromise, data theft, or denial of service. The weights_only=True loading option, intended for efficient model deployment, introduces a deserialization vulnerability that can be exploited to overwrite memory regions. Attackers could potentially inject malicious code into the process, gaining control over the application and potentially the underlying system. The ease of crafting malicious checkpoint files, coupled with the widespread use of PyTorch in machine learning applications, increases the potential attack surface.
CVE-2026-24747 was publicly disclosed on January 27, 2026. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is likely to emerge given the nature of the vulnerability and its potential impact. The ease of exploitation makes it a likely target for opportunistic attackers.
Organizations and individuals using PyTorch for machine learning development and deployment are at risk, particularly those relying on the weights_only=True loading option for model efficiency. Shared hosting environments where multiple users can upload and load models are especially vulnerable.
• python / system: Monitor for unusual memory access patterns during .pth file loading using memory profiling tools.
• python / application: Implement logging around torch.load calls to track file sources and loading parameters.
• generic web: If PyTorch models are served via a web application, monitor for suspicious file uploads or requests for .pth files.
• generic web: Check access logs for requests containing .pth extensions, especially from untrusted sources.
disclosure
Exploit Status
EPSS
0.04% (percentile 13%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-24747 is to upgrade to PyTorch version 2.10.0 or later, which contains the fix. If upgrading is not immediately feasible, consider restricting access to the torch.load function and carefully validating the source of any .pth files before loading them. Implement strict input validation and sanitization to prevent the loading of untrusted checkpoint files. While a WAF is unlikely to directly address this vulnerability, it can help prevent the upload of malicious .pth files. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for unusual memory access patterns during .pth file loading could be a potential detection strategy.
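One way to combine the torch.load logging and the checkpoint source validation described above, as an added example (not code from this advisory or from the PyTorch project). The names audited_load, UntrustedCheckpoint and the digest allowlist are hypothetical, and the loader is injectable so the gate can be exercised without PyTorch installed.

```python
import hashlib
import logging
from pathlib import Path

# Route this logger to your SIEM or application log handler.
log = logging.getLogger("checkpoint_audit")


class UntrustedCheckpoint(Exception):
    """Raised when a checkpoint's SHA-256 is not on the allowlist."""


def sha256_stream(fh, chunk_size=1 << 20):
    """Hash an open binary file in chunks so large checkpoints stay off the heap."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


def audited_load(path, trusted_digests, loader=None, **load_kwargs):
    """Log source and parameters, check the digest, then hand the file to the loader.

    trusted_digests: set of lowercase SHA-256 hex digests of checkpoints you
    produced or vetted (hypothetical allowlist, kept outside any upload path).
    loader: defaults to torch.load; any callable taking (file_obj, **kwargs).
    """
    resolved = Path(path).resolve(strict=True)  # follow symlinks, fail if missing
    # Hash and load through the same handle so the file cannot be swapped
    # by rename between the check and the load.
    with open(resolved, "rb") as fh:
        digest = sha256_stream(fh)
        size = fh.tell()
        log.info("checkpoint load path=%s sha256=%s size=%d kwargs=%r",
                 resolved, digest, size, load_kwargs)
        if digest not in trusted_digests:
            log.warning("blocked checkpoint path=%s sha256=%s", resolved, digest)
            raise UntrustedCheckpoint(f"{resolved} ({digest}) is not allowlisted")
        if loader is None:
            import torch  # imported lazily; only needed for the real load
            loader = torch.load
        fh.seek(0)
        return loader(fh, **load_kwargs)
```

The check runs before any deserialization, so a checkpoint that is not on the allowlist never reaches the unpickler; this narrows exposure but does not replace the upgrade.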
Upgrade PyTorch to version 2.10.0 or later. This fixes the vulnerability that allows remote code execution through untrusted checkpoint files. Be sure to download the new version from the official source.
CVE-2026-24747 is a Remote Code Execution vulnerability in PyTorch versions up to 2.10.0. Malicious checkpoint files can corrupt memory, potentially allowing attackers to execute arbitrary code.
You are affected if you are using PyTorch versions 2.10.0 or earlier. Upgrade to 2.10.0 or later to mitigate the risk.
Upgrade to PyTorch version 2.10.0 or later. If upgrading is not possible immediately, restrict access to torch.load and validate the source of .pth files.
While there is no confirmed active exploitation at this time, the vulnerability's potential impact and ease of exploitation make it a likely target for attackers.
Refer to the official PyTorch security advisories on the PyTorch website or GitHub repository for the latest information and updates.