CVE-2026-24747

8.8 HIGH

📋 TL;DR

A memory-safety flaw in PyTorch's `weights_only` unpickler, the restricted loader behind `torch.load(..., weights_only=True)`, allows an attacker to craft a checkpoint file (.pth) that corrupts memory when loaded and can potentially lead to arbitrary code execution in the loading process. Every PyTorch user who loads checkpoint files they do not control with `torch.load(..., weights_only=True)` is affected, and the flag that was meant to make such loads safe is the component at fault. The vulnerability is fixed in version 2.10.0.

💻 Affected Systems

Products:
  • PyTorch
Versions: All versions prior to 2.10.0
Operating Systems: All platforms running PyTorch
Default Config Vulnerable: ⚠️ Yes
Notes: Triggered when a crafted checkpoint file is loaded with `torch.load(..., weights_only=True)`. The `weights_only=True` restricted unpickler exists to stop pickle-based code execution from untrusted checkpoints, but this flaw is in that restricted unpickler itself, so the flag does not protect against it.

📦 What is this software?

PyTorch is an open-source machine learning framework. Models are saved with `torch.save`, which serializes the checkpoint using Python's pickle format, and restored with `torch.load`. Because a plain pickle can execute arbitrary code during deserialization, `torch.load` offers `weights_only=True`, which routes the file through a restricted unpickler that only admits tensors, primitive types and simple containers. This advisory concerns a flaw in that restricted unpickler.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the PyTorch process, potentially leading to full system compromise.

🟠

Likely Case

Memory corruption leading to application crashes, denial of service, or limited code execution depending on exploit sophistication.

🟢

If Mitigated

No impact if only trusted checkpoint files are loaded or if the system is patched.

🌐 Internet-Facing: MEDIUM - Risk exists if web applications load user-uploaded PyTorch checkpoint files.
🏢 Internal Only: LOW - Risk primarily exists when loading untrusted checkpoint files, which is less common in internal-only environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires the victim to load a malicious checkpoint file. No public exploit code has been disclosed as of the advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.10.0

Vendor Advisory: https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p

Restart Required: No system reboot. Python processes that already imported the old `torch` must be restarted; an upgraded package on disk does not change an already-running interpreter.

Instructions:

1. Upgrade PyTorch to 2.10.0 or later: `pip install --upgrade "torch>=2.10.0"`. If you install CUDA or ROCm builds from PyTorch's own package index, upgrade from that same index so you do not silently switch to a different build.
2. Verify the installed version: `python -c "import torch; print(torch.__version__)"` should report 2.10.0 or higher.
3. Restart any long-running services, notebooks or workers that had PyTorch imported so they pick up the new version.

🔧 Temporary Workarounds

Avoid loading untrusted checkpoint files

Platforms: all

Do not load checkpoint files from untrusted sources, regardless of the `weights_only` setting. `weights_only=True` is the control this flaw defeats, so it cannot be relied on to make an untrusted file safe.

Validate checkpoint files before loading

Platforms: all

If files from outside your control must be loaded, verify their integrity before they reach `torch.load`: compare the file's SHA-256 against a digest recorded when the checkpoint was produced, or verify a signature over it, and refuse to load on mismatch. Only files produced by a trusted pipeline and unaltered since should be deserialized.

🧯 If You Can't Patch

  • Implement strict access controls to prevent loading of untrusted checkpoint files.
  • Monitor for abnormal application behavior or crashes when loading checkpoint files.

🔍 How to Verify

Check if Vulnerable:

Check PyTorch version: if below 2.10.0 and using `torch.load(..., weights_only=True)` with untrusted files, the system is vulnerable.

Check Version:

python -c "import torch; print(torch.__version__)"

Verify Fix Applied:

Verify PyTorch version is 2.10.0 or higher and test loading known safe checkpoint files with `weights_only=True` to ensure functionality.
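The version check above and the pre-load validation described under Temporary Workarounds, as an added Python example that is not part of the advisory or of PyTorch's own code. It decides whether an installed `torch` predates the fixed 2.10.0 release and gates `torch.load(..., weights_only=True)` behind a SHA-256 allowlist, so a file is handed to the unpickler only when its digest is already known. The allowlist, file names and checkpoint bytes are hypothetical and constructed; the only PyTorch call used is `torch.load(path, map_location="cpu", weights_only=True)`, and `torch` is imported lazily so the integrity checks run even where it is not installed.

```python
"""Added example, not code from the advisory or from PyTorch: decide whether the
installed torch predates the fixed 2.10.0 release, and gate torch.load(...,
weights_only=True) behind a SHA-256 allowlist so that only checkpoint files whose
digest is already known are ever handed to the unpickler.  The allowlist, the
file names and the checkpoint bytes below are hypothetical and constructed."""
import hashlib
import os
import re
import tempfile

FIXED_VERSION = (2, 10, 0)  # first release the advisory names as fixed

# Constructed stand-in for a checkpoint; not a real PyTorch file.
CONSTRUCTED_CHECKPOINT = b"PK\x03\x04constructed-checkpoint-bytes"


def parse_version(version_str):
    """Numeric (major, minor, patch) prefix of a torch version string such as
    '2.9.1+cu126' or '2.10.0a0+git1a2b3c'; build metadata after '+' is ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version_str)
    if not m:
        raise ValueError(f"unrecognised torch version: {version_str!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable_version(version_str):
    """True when the version is below 2.10.0.  A pre-release or nightly of 2.10.0
    itself (e.g. '2.10.0a0+git...') may predate the fix commit and is treated as
    vulnerable too; only a final 2.10.0 or later is accepted."""
    core = parse_version(version_str)
    if core < FIXED_VERSION:
        return True
    prerelease = re.match(r"\d+\.\d+(?:\.\d+)?(a|b|rc|\.dev)\d", version_str) is not None
    return core == FIXED_VERSION and prerelease


def sha256_of_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk_size=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def load_checkpoint_if_trusted(path, trusted_sha256):
    """Refuse to deserialize unless the file's digest is on the allowlist.  The check
    runs before torch.load because the flaw sits in the restricted unpickler itself:
    once a crafted file reaches torch.load, weights_only=True no longer protects."""
    digest = sha256_of_file(path)
    if digest not in trusted_sha256:
        raise PermissionError(f"refusing to load {path}: sha256 {digest} not on allowlist")
    import torch  # imported lazily so the integrity checks work without torch installed
    return torch.load(path, map_location="cpu", weights_only=True)


def demo():
    """Constructed scenario: allowlist one file's digest, then show a one-byte
    variant being refused before any unpickling happens.
    Returns (digest_of_trusted_file, tampered_file_was_refused)."""
    with tempfile.TemporaryDirectory() as d:
        trusted = os.path.join(d, "model.pth")
        tampered = os.path.join(d, "model_from_upload.pth")
        with open(trusted, "wb") as f:
            f.write(CONSTRUCTED_CHECKPOINT)
        with open(tampered, "wb") as f:
            f.write(CONSTRUCTED_CHECKPOINT + b"\x00")
        allowlist = {sha256_of_file(trusted)}
        try:
            load_checkpoint_if_trusted(tampered, allowlist)
            refused = False
        except PermissionError:
            refused = True
        return sha256_of_file(trusted), refused


if __name__ == "__main__":
    from importlib.metadata import PackageNotFoundError, version
    try:
        installed = version("torch")
        status = "VULNERABLE" if is_vulnerable_version(installed) else "fixed"
        print(f"torch {installed}: {status} (fix is 2.10.0)")
    except PackageNotFoundError:
        print("torch is not installed")
    digest, refused = demo()
    print(f"trusted digest {digest[:16]}..., tampered copy refused: {refused}")
```

The version check reads the installed package metadata rather than importing `torch`, so it can run from a deployment script without pulling the vulnerable module into the process. The allowlist check is deliberately placed in front of `torch.load` and not inside a `try`/`except` around it: a memory-corruption bug does not raise a Python exception you can catch, so the only effective control is to keep the file out of the unpickler altogether.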

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or errors when loading PyTorch checkpoint files
  • Unusual memory usage patterns in PyTorch processes

Network Indicators:

  • Downloads of PyTorch checkpoint files from untrusted sources

SIEM Query:

Search for process executions of Python scripts loading .pth files with torch.load and errors/crashes following those events.
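The correlation the SIEM note describes, as an added Python example run over constructed log lines; this is not from the advisory and the log format is hypothetical: one line per event in the shape `<ts> <host> <event> key=value ...`, where `proc_start` carries the command line, optional `stderr` events carry error output, and `proc_exit` carries the exit status, with a negative status denoting death by signal (the convention Python's `subprocess` module uses). Hosts, users, pids and paths in the sample are made up. Adapt `parse_line` to your real process-telemetry schema; the correlation logic does not depend on it.

```python
"""Added example, not code from the advisory: the correlation the SIEM note describes,
run over constructed log lines.  The log format is hypothetical: one line per event,
'<ts> <host> <event> key=value ...', with proc_start carrying the command line,
optional stderr lines, and proc_exit carrying the exit status, where a negative
status denotes death by signal (the convention Python's subprocess module uses)."""
import re
import shlex

# Constructed sample events; hosts, users, pids and paths are made up.
SAMPLE_LOG = """\
2026-02-03T10:00:01Z ml-api-1 proc_start pid=4012 user=svc-ml cmd="python infer.py --checkpoint /uploads/u1337/model.pth"
2026-02-03T10:00:02Z ml-api-1 proc_start pid=4013 user=svc-ml cmd="python infer.py --checkpoint /models/resnet50.pth"
2026-02-03T10:00:04Z ml-api-1 proc_exit pid=4012 exit=-11
2026-02-03T10:00:09Z ml-api-1 proc_exit pid=4013 exit=0
2026-02-03T10:05:00Z ml-api-1 proc_start pid=4100 user=svc-ml cmd="python infer.py --checkpoint /uploads/u1338/model.pth"
2026-02-03T10:05:01Z ml-api-1 stderr pid=4100 msg="File infer.py, line 12, in <module>: state = torch.load(path, weights_only=True)"
2026-02-03T10:05:01Z ml-api-1 stderr pid=4100 msg="_pickle.UnpicklingError: invalid load key"
2026-02-03T10:05:02Z ml-api-1 proc_exit pid=4100 exit=1
2026-02-03T10:06:00Z ml-api-1 proc_start pid=4300 user=svc-ml cmd="python infer.py --checkpoint /uploads/u1339/model.pth --bogus"
2026-02-03T10:06:00Z ml-api-1 stderr pid=4300 msg="usage: infer.py [-h] --checkpoint PATH"
2026-02-03T10:06:01Z ml-api-1 proc_exit pid=4300 exit=2
2026-02-03T10:07:00Z ml-api-1 proc_start pid=4301 user=svc-ml cmd="python cleanup.py /uploads/u1337"
2026-02-03T10:07:01Z ml-api-1 proc_exit pid=4301 exit=-11
"""

PTH_ARG = re.compile(r"\S+\.pth\b")
TORCH_LOAD_ERROR = re.compile(r"torch\.load|UnpicklingError|weights_only")


def parse_line(line):
    """Split '<ts> <host> <event> k=v k="quoted v"' into a dict."""
    ts, host, event, rest = line.split(" ", 3)
    fields = {"ts": ts, "host": host, "event": event}
    for token in shlex.split(rest):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def is_python_pth_load(cmd):
    """A Python interpreter that was given a .pth path on its command line."""
    argv = cmd.split()
    return bool(argv) and "python" in argv[0] and PTH_ARG.search(cmd) is not None


def correlate(log_text):
    """Track python processes that were handed a .pth file and flag those that died
    by signal (memory corruption usually surfaces as SIGSEGV/SIGABRT) or exited
    non-zero with a torch.load / unpickling error on stderr.  Crashes of processes
    that never loaded a checkpoint (pid 4301) and unrelated failures such as bad
    arguments (pid 4300) are left alone."""
    procs = {}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        key = (ev["host"], ev["pid"])
        if ev["event"] == "proc_start":
            if is_python_pth_load(ev["cmd"]):
                procs[key] = {"cmd": ev["cmd"], "stderr": [], "exit": None, "exit_ts": None}
        elif key in procs:
            if ev["event"] == "stderr":
                procs[key]["stderr"].append(ev["msg"])
            elif ev["event"] == "proc_exit":
                procs[key]["exit"] = int(ev["exit"])
                procs[key]["exit_ts"] = ev["ts"]

    alerts = []
    for (host, pid), p in procs.items():
        if p["exit"] is None:
            continue  # still running; nothing to correlate yet
        checkpoint = PTH_ARG.search(p["cmd"]).group(0)
        if p["exit"] < 0:
            reason = f"killed by signal {-p['exit']} after loading {checkpoint}"
        elif p["exit"] != 0 and any(TORCH_LOAD_ERROR.search(m) for m in p["stderr"]):
            reason = f"torch.load error on {checkpoint} (exit {p['exit']})"
        else:
            continue
        alerts.append({"host": host, "pid": pid, "ts": p["exit_ts"], "checkpoint": checkpoint, "reason": reason})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG):
        print(f"{a['ts']} {a['host']} pid={a['pid']} {a['reason']}")
```

Signal deaths are the stronger indicator here: a memory-corruption bug in native code typically ends the process with SIGSEGV or SIGABRT rather than a Python traceback, so a clean `UnpicklingError` is more often a malformed or mismatched file than an exploit attempt. Both are worth surfacing, but triage the signal deaths first, and treat the `.pth` path in the alert (an upload directory versus a curated model store) as the main context for prioritising.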

🔗 References

  • Vendor advisory (GHSA-63cw-57p8-fm3p): https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p