CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Summary
PyTorch Lightning version 2.2.1 has a critical vulnerability that lets attackers execute arbitrary code on self-hosted applications by sending crafted serialized data (deepdiff.Delta objects, which are used to represent changes to data). The vulnerability exists because the application does not properly block access to dunder attributes (special Python attributes whose names begin and end with double underscores), allowing attackers to bypass security restrictions and modify the application's state.
Vulnerability Details
9.8 (critical)
EPSS: 56.7%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-5452
First tracked: February 15, 2026 at 08:37 PM