AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-4538: A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loadi

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 22, 2026CVE-2026-4538

Summary

PyTorch 2.10.0 contains a vulnerability in its pt2 Loading Handler component that allows unsafe deserialization (loading data in a way that can execute unintended code) through an unknown function. The vulnerability can only be exploited locally (by someone with access to the affected computer), but an exploit is publicly available, and the PyTorch team has not yet responded to the initial report.

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

local

Attack Complexity

low

Privileges Required

low

User Interaction

none

Disclosure Date

March 22, 2026

Classification

Attack Type

Model Poisoning

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-20 CWE-502

CAPEC (Attack Pattern)

CAPEC-586

Affected Vendors

Related Issues

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Similar attackNVD/CVE Database

info

Model Stability Defense Against Model Poisoning in Federated Learning

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-4538

First tracked: March 22, 2026 at 02:07 AM

Classified by LLM (prompt v3) · confidence: 85%