CVE-2026-15531: A vulnerability has been found in yashbhalgat HashNeRF-pytorch up to 82885e698295982504eb6a26d060a6b2473e3706. Affected
Summary
A vulnerability (CVE-2026-15531) exists in HashNeRF-pytorch's checkpoint file handler that allows unsafe deserialization (converting data back into code objects) when loading files through the torch.load function. An attacker with local access can manipulate the checkpoint file path to execute arbitrary code, and the exploit is publicly known.
Vulnerability Details
5.3(medium)
EPSS: 0.1%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
local
low
low
none
July 13, 2026
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-15531
First tracked: July 13, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 75%