CVE-2026-44484: PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introdu
criticalvulnerability
security
Summary
PyTorch Lightning (a framework for training and adjusting AI models) versions 2.6.2 have introduced a credential harvesting mechanism (a way to steal login information), rated as critical severity with a CVSS score (a 0-10 rating of how severe a vulnerability is) of 9.3. The vulnerability allows attackers to gain complete control over the affected system without needing special access or user interaction.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
May 14, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44484
First tracked: May 14, 2026 at 02:11 PM
Classified by LLM (prompt v3) · confidence: 85%