{"data":{"id":"0094f375-5206-4226-9066-26e543ebde09","title":"CVE-2026-24747: PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `wei","summary":"PyTorch (a Python package for tensor computation) versions before 2.10.0 have a vulnerability in the `weights_only` unpickler that allows attackers to create malicious checkpoint files (.pth files, which store model data) triggering memory corruption and potentially arbitrary code execution (running attacker-chosen commands) when loaded with `torch.load(..., weights_only=True)`. This is a deserialization vulnerability (a weakness where loading untrusted data can be exploited).","solution":"Update to PyTorch version 2.10.0 or later, which fixes the issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-24747","publishedAt":"2026-01-28T03:15:56.470Z","cveId":"CVE-2026-24747","cweIds":["CWE-94","CWE-502"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_theft"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Meta"],"affectedVendorsRaw":["PyTorch"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00044,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242","CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}