CVE-2026-24747
- Source
- https://cve.org/CVERecord?id=CVE-2026-24747
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24747.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24747
- Aliases
- Downstream
- Published
- 2026-01-27T21:13:46.878Z
- Modified
- 2026-02-26T19:35:59.829102Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
- Details
-
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's
weights_onlyunpickler allows an attacker to craft a malicious checkpoint file (.pth) that, when loaded withtorch.load(..., weights_only=True), can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue. - Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-502", "CWE-94" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24747.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24747.json
- https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139
- https://github.com/pytorch/pytorch/issues/163105
- https://github.com/pytorch/pytorch/releases/tag/v2.10.0
- https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p
- https://nvd.nist.gov/vuln/detail/CVE-2026-24747
Affected packages
Git / github.com/pytorch/pytorch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pytorch/pytorch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
bc2caa7fdf006894eff7af936babde69ab5a40f8-huydhn-debug
ciflow/inductor/3b9a386
ciflow/inductor/3d4b92b
ciflow/inductor/d224ac7
ciflow/periodic/054a2fd
ciflow/periodic/2a6d37d
ciflow/periodic/317eeb8
ciflow/periodic/3c32
ciflow/periodic/3e98831
ciflow/periodic/94512-point
ciflow/periodic/csl/test87519
ciflow/periodic/csltest88275
ciflow/periodic/csltest88761
ciflow/periodic/sha-ec5b83
ciflow/slow/01c7106
ciflow/slow/0577043
ciflow/slow/0d5b74da0cab798fbfdb9caa53fad816999c8386-sdym
ciflow/slow/0e81104
ciflow/slow/1732077
ciflow/slow/187eb7c
ciflow/slow/1faef89
ciflow/slow/3920ec1
ciflow/slow/3b7c6b2
ciflow/slow/59a3759
ciflow/slow/70ef0bb
ciflow/slow/788ff06
ciflow/slow/8751002215790a3a88750faa8f4366933e296693-sdym
ciflow/slow/9d85864
ciflow/slow/9ffad5b
ciflow/slow/a206e8b
ciflow/slow/a837609
ciflow/slow/af841f3
ciflow/slow/da3aba1e46157c4df504b067477cdf2b3c96b194-sdym
ciflow/unstable/123
cslpull75
cslpull76
cslpull77
cslpull78
cslpull79
cslpull80
cslpull81
cslpull82
cslpull83
cslpull84
cslpull85
cslpull86
cslpull87
cslpull88
cslpull89
cslpull90
cslpull91
cslpull92
forpull1
malfet/tag-2ef5611
malfet/tag-317b1a0
malfet/tag-ec6f767
nightly-binary
viable/strict/1759343184
viable/strict/1759346540
viable/strict/1759348181
viable/strict/1759350324
viable/strict/1759351793
viable/strict/1759353844
viable/strict/1759355374
viable/strict/1759357472
viable/strict/1759361002
viable/strict/1759362585
viable/strict/1759365359
viable/strict/1759370089
viable/strict/1759377554
viable/strict/1759379133
viable/strict/1759389871
viable/strict/1759393562
viable/strict/1759395076
viable/strict/1759398579
viable/strict/1759404142
viable/strict/1759405773
viable/strict/1759408041
viable/strict/1759411593
viable/strict/1759427395
viable/strict/1759434582
viable/strict/1759436720
viable/strict/1759440219
viable/strict/1759441948
viable/strict/1759443860
viable/strict/1759445377
viable/strict/1759447415
viable/strict/1759451750
viable/strict/1759453910
viable/strict/1759456483
viable/strict/1759459279
viable/strict/1759460742
viable/strict/1759462025
viable/strict/1759469086
viable/strict/1759470581
viable/strict/1759472786
viable/strict/1759476294
viable/strict/1759479963
viable/strict/1759492177
viable/strict/1759519278
viable/strict/1759524580
viable/strict/1759528193
viable/strict/1759533797
viable/strict/1759542780
viable/strict/1759549779
viable/strict/1759555455
viable/strict/1759559176
viable/strict/1759560629
viable/strict/1759569848
viable/strict/1759571382
viable/strict/1759573474
viable/strict/1759618187
viable/strict/1759626742
viable/strict/1759632427
viable/strict/1759634971
viable/strict/1759661382
viable/strict/1759663294
viable/strict/1759708178
viable/strict/1759715695
viable/strict/1759728293
viable/strict/1759735513
viable/strict/1759739177
viable/strict/1759758635
viable/strict/1759765784
viable/strict/1759767948
viable/strict/1759771461
viable/strict/1759776706
viable/strict/1759782317
viable/strict/1759783777
viable/strict/1759785815
viable/strict/1759789459
viable/strict/1759790974
viable/strict/1759794583
viable/strict/1759797408
viable/strict/1759799518
viable/strict/1759804909
viable/strict/1759807643
viable/strict/1759809089
viable/strict/1759811145
viable/strict/1759812581
viable/strict/1759814683
viable/strict/1759821889
viable/strict/1759823376
viable/strict/1759827107
viable/strict/1759830577
viable/strict/1759832720
viable/strict/1759842063
viable/strict/1759847121
viable/strict/1759850721
viable/strict/1759857870
viable/strict/1759863143
viable/strict/1759875874
viable/strict/1759877385
viable/strict/1759883801
viable/strict/1759885922
viable/strict/1759888488
viable/strict/1759895471
viable/strict/1759904803
viable/strict/1759908300
viable/strict/1759915520
viable/strict/1759916978
viable/strict/1759930024
viable/strict/1759948122
viable/strict/1759952983
viable/strict/1759955121
viable/strict/1759962298
viable/strict/1759965837
viable/strict/1759970213
viable/strict/1759974894
viable/strict/1759977763
viable/strict/1759979241
viable/strict/1759985417
viable/strict/1759987490
viable/strict/1759996180
viable/strict/1760065682
viable/strict/1760066894
viable/strict/1760070345
viable/strict/1760089782
viable/strict/1760091921
viable/strict/1760127924
viable/strict/1760129489
viable/strict/1760132980
viable/strict/1760135060
viable/strict/1760215782
viable/strict/1760273849
viable/strict/1760275517
viable/strict/1760276979
viable/strict/1760279007
viable/strict/1760286328
viable/strict/1760493304
viable/strict/1760496298
viable/strict/1760518396
viable/strict/1760534864
viable/strict/1760549062
viable/strict/1760552799
viable/strict/1760554355
viable/strict/1760556275
viable/strict/1760564979
viable/strict/1760567049
viable/strict/1760568585
viable/strict/1760570630
viable/strict/1760572180
viable/strict/1760575094
viable/strict/1760579709
viable/strict/1760582614
viable/strict/1760586815
viable/strict/1760588829
viable/strict/1760590200
viable/strict/1760592311
viable/strict/1760619733
viable/strict/1760628335
viable/strict/1760635490
viable/strict/1760640743
viable/strict/1760642528
viable/strict/1760646330
viable/strict/1760666101
viable/strict/1760668990
viable/strict/1760670600
viable/strict/1760671704
viable/strict/1760673121
viable/strict/1760675352
viable/strict/1760696731
viable/strict/1760723515
viable/strict/1760727234
viable/strict/1760730578
viable/strict/1760732726
viable/strict/1760734180
viable/strict/1760736251
viable/strict/1760737772
viable/strict/1760758005
viable/strict/1760761532
viable/strict/1760802581
viable/strict/1760827772
viable/strict/1760834524
viable/strict/1760845009
viable/strict/1760876836
viable/strict/1760880329
viable/strict/1760888987
viable/strict/1760912664
viable/strict/1760925321
viable/strict/1760931488
viable/strict/1760932693
viable/strict/1761004184
viable/strict/1761014748
viable/strict/1761017491
viable/strict/1761018806
viable/strict/1761020754
viable/strict/1761024303
viable/strict/1761029582
viable/strict/1761031535
viable/strict/1761035196
viable/strict/1761045825
viable/strict/1761054796
viable/strict/1761060314
viable/strict/1761071198
viable/strict/1761074628
viable/strict/1761078351
viable/strict/1761079822
viable/strict/1761081873
viable/strict/1761083392
viable/strict/1761085465
viable/strict/1761089099
viable/strict/1761095535
viable/strict/1761098119
viable/strict/1761101330
viable/strict/1761114425
viable/strict/1761116036
viable/strict/1761119379
viable/strict/1761121601
viable/strict/1761123234
viable/strict/1761126621
viable/strict/1761132259
viable/strict/1761146746
viable/strict/1761164752
viable/strict/1761166198
viable/strict/1761175424
viable/strict/1761176983
viable/strict/1761179891
viable/strict/1761181930
viable/strict/1761184516
viable/strict/1761190179
viable/strict/1761193558
viable/strict/1761207990
viable/strict/1761229539
viable/strict/1761244031
viable/strict/1761248986
viable/strict/1761259791
viable/strict/1761266139
viable/strict/1761268316
viable/strict/1761273805
viable/strict/1761275261
viable/strict/1761277913
viable/strict/1761290701
viable/strict/1761294396
viable/strict/1761303047
viable/strict/1761335388
viable/strict/1761337551
viable/strict/1761339007
viable/strict/1761341050
viable/strict/1761346188
viable/strict/1761349792
viable/strict/1761352620
viable/strict/1761354730
viable/strict/1761357298
viable/strict/1761360201
viable/strict/1761361753
viable/strict/1761364351
viable/strict/1761366338
viable/strict/1761367802
viable/strict/1761369889
viable/strict/1761371385
viable/strict/1761373581
viable/strict/1761375054
viable/strict/1761421785
viable/strict/1761434614
viable/strict/1761439254
viable/strict/1761454187
viable/strict/1761459991
viable/strict/1761470668
viable/strict/1761472188
viable/strict/1761503178
viable/strict/1761517492
viable/strict/1761518981
viable/strict/1761533609
viable/strict/1761546438
viable/strict/1761548133
viable/strict/1761555186
viable/strict/1761557178
viable/strict/1761560772
viable/strict/1761562266
viable/strict/1761564260
viable/strict/1761568072
viable/strict/1761571683
viable/strict/1761580199
viable/strict/1761587383
viable/strict/1761591165
viable/strict/1761594575
viable/strict/1761596710
viable/strict/1761598189
viable/strict/1761600254
viable/strict/1761603879
viable/strict/1761605429
viable/strict/1761607468
viable/strict/1761608983
viable/strict/1761611846
viable/strict/1761613922
viable/strict/1761616504
viable/strict/1761619599
viable/strict/1761686693
viable/strict/1761688179
viable/strict/1761691973
viable/strict/1761693884
viable/strict/1761695389
viable/strict/1761698408
viable/strict/1761702931
viable/strict/1761706307
viable/strict/1761709065
viable/strict/1761710285
viable/strict/1761711983
viable/strict/1761713514
viable/strict/1761715523
viable/strict/1761727973
viable/strict/1761751558
viable/strict/1761755187
viable/strict/1761756826
viable/strict/1761769551
viable/strict/1761771032
viable/strict/1761773101
viable/strict/1761781792
viable/strict/1761784788
viable/strict/1761786740
viable/strict/1761789332
viable/strict/1761792569
viable/strict/1761795289
viable/strict/1761798345
viable/strict/1761799827
viable/strict/1761805604
viable/strict/1761807202
viable/strict/1761809094
viable/strict/1761810576
viable/strict/1761812771
viable/strict/1761814363
viable/strict/1761857410
viable/strict/1761860985
viable/strict/1761863094
viable/strict/1761864590
viable/strict/1761866675
viable/strict/1761868178
viable/strict/1761871111
viable/strict/1761873126
viable/strict/1761875714
viable/strict/1761878924
viable/strict/1761881727
viable/strict/1761882959
viable/strict/1761886268
viable/strict/1761893641
viable/strict/1761931517
viable/strict/1761933080
viable/strict/1761935217
viable/strict/1761938533
viable/strict/1761940184
viable/strict/1761942338
viable/strict/1761946100
viable/strict/1761947374
viable/strict/1761950978
viable/strict/1761957727
viable/strict/1761959532
viable/strict/1761965366
viable/strict/1761968066
viable/strict/1761969322
viable/strict/1761974723
viable/strict/1761981837
viable/strict/1761985546
viable/strict/1761987030
viable/strict/1762003554
viable/strict/1762021560
viable/strict/1762032190
viable/strict/1762040981
viable/strict/1762048525
viable/strict/1762104223
viable/strict/1762105778
viable/strict/1762115109
viable/strict/1762125840
viable/strict/1762127377
viable/strict/1762134925
viable/strict/1762138338
viable/strict/1762148993
viable/strict/1762152871
viable/strict/1762156183
viable/strict/1762163457
viable/strict/1762165569
viable/strict/1762169035
viable/strict/1762174936
viable/strict/1762194412
viable/strict/1762195876
viable/strict/1762197788
viable/strict/1762199389
viable/strict/1762206585
viable/strict/1762210184
viable/strict/1762218736
viable/strict/1762224529
viable/strict/1762227253
viable/strict/1762228515
viable/strict/1762230349
viable/strict/1762231859
viable/strict/1762233925
viable/strict/1762237630
viable/strict/1762253522
viable/strict/1762278588
viable/strict/1762284203
viable/strict/1762289446
viable/strict/1762291515
viable/strict/1762295100
viable/strict/1762296590
viable/strict/1762300179
viable/strict/1762303207
viable/strict/1762386584
viable/strict/1762391537
viable/strict/1762394119
viable/strict/1762397437
viable/strict/1762400256
viable/strict/1762401469
viable/strict/1762408195
viable/strict/1762410411
viable/strict/1762417613
viable/strict/1762419198
viable/strict/1762422656
viable/strict/1762424746
viable/strict/1762446386
viable/strict/1762449912
viable/strict/1762457031
viable/strict/1762462441
viable/strict/1762467909
viable/strict/1762471493
viable/strict/1762475990
viable/strict/1762477933
viable/strict/1762491053
viable/strict/1762493118
viable/strict/1762498442
viable/strict/1762501778
viable/strict/1762504001
viable/strict/1762505583
viable/strict/1762507523
viable/strict/1762511140
viable/strict/1762512632
viable/strict/1762520467
viable/strict/1762522016
viable/strict/1762530591
viable/strict/1762543405
viable/strict/1762544998
viable/strict/1762552182
viable/strict/1762554297
viable/strict/1762559381
viable/strict/1762562222
viable/strict/1762564319
viable/strict/1762566904
viable/strict/1762569781
viable/strict/1762575940
viable/strict/1762580974
viable/strict/1762583185
viable/strict/1762586647
viable/strict/1762588183
viable/strict/1762593886
viable/strict/1762650743
viable/strict/1762653328
viable/strict/1762659342
viable/strict/1762662360
viable/strict/1762667377
viable/strict/1762671090
viable/strict/1762680284
viable/strict/1762683900
viable/strict/1762705541
viable/strict/1762709004
viable/strict/1762746004
viable/strict/1762748799
viable/strict/1762759504
viable/strict/1762760973
viable/strict/1762775374
viable/strict/1762777661
viable/strict/1762779774
viable/strict/1762781259
viable/strict/1762793628
viable/strict/1762800711
viable/strict/1762809894
viable/strict/1762811384
viable/strict/1762813841
viable/strict/1762815047
viable/strict/1762817094
viable/strict/1762818582
viable/strict/1762821623
viable/strict/1762823531
viable/strict/1762849583
viable/strict/1762851200
viable/strict/1762854603
viable/strict/1762858276
viable/strict/1762860891
viable/strict/1762866174
viable/strict/1762867653
viable/strict/1762872669
viable/strict/1762878380
viable/strict/1762889003
viable/strict/1762890589
viable/strict/1762892743
viable/strict/1762894271
viable/strict/1762896287
viable/strict/1762915871
viable/strict/1762918569
viable/strict/1762919776
viable/strict/1762923072
viable/strict/1762928826
viable/strict/1762930451
viable/strict/1762933780
viable/strict/1762937638
viable/strict/1762939545
viable/strict/1762962692
viable/strict/1762979143
viable/strict/1762984188
viable/strict/1762986306
viable/strict/1762989903
viable/strict/1762991377
viable/strict/1762998921
viable/strict/1763002287
viable/strict/1763016840
viable/strict/1763020180
viable/strict/1763027421
viable/strict/1763031120
viable/strict/1763036861
viable/strict/1763038993
viable/strict/1763054703
viable/strict/1763067061
viable/strict/1763070847
viable/strict/1763072706
viable/strict/1763076302
viable/strict/1763080816
viable/strict/1763082732
viable/strict/1763085329
viable/strict/1763088623
viable/strict/1763091402
viable/strict/1763092602
viable/strict/1763094355
viable/strict/1763099390
viable/strict/1763101608
viable/strict/1763105102
viable/strict/1763112347
viable/strict/1763119471
viable/strict/1763126835
viable/strict/1763149779
viable/strict/1763164178
viable/strict/1763167104
viable/strict/1763169132
viable/strict/1763171708
viable/strict/1763174759
viable/strict/1763180744
viable/strict/1763182227
viable/strict/1763184309
viable/strict/1763187991
viable/strict/1763191445
viable/strict/1763195152
viable/strict/1763205769
viable/strict/1763246990
viable/strict/1763261578
viable/strict/1763286573
viable/strict/1763292167
viable/strict/1763333386
viable/strict/1763340082
viable/strict/1763364324
viable/strict/1763371569
viable/strict/1763373067
viable/strict/1763375157
viable/strict/1763382462
viable/strict/1763394661
viable/strict/1763396797
viable/strict/1763398542
viable/strict/1763401807
viable/strict/1763414698
viable/strict/1763419807
viable/strict/1763426369
viable/strict/1763428331
viable/strict/1763430922
viable/strict/1763434184
viable/strict/1763439973
viable/strict/1763444995
viable/strict/1763447206
viable/strict/1763448826
viable/strict/1763450717
viable/strict/1763452183
viable/strict/1763457945
viable/strict/1763459439
viable/strict/1763461556
viable/strict/1763463103
viable/strict/1763465100
viable/strict/1763468866
viable/strict/1763493823
viable/strict/1763496249
viable/strict/1763502620
viable/strict/1763504715
viable/strict/1763506208
viable/strict/1763520590
viable/strict/1763523357
viable/strict/1763529922
viable/strict/1763531408
viable/strict/1763533622
viable/strict/1763538576
viable/strict/1763545823
viable/strict/1763547951
viable/strict/1763551477
viable/strict/1763552982
viable/strict/1763594698
viable/strict/1763596178
viable/strict/1763599155
viable/strict/1763603717
viable/strict/1763606923
viable/strict/1763609715
viable/strict/1763612757
viable/strict/1763616325
viable/strict/1763623509
viable/strict/1763624984
viable/strict/1763628796
viable/strict/1763634343
viable/strict/1763635867
viable/strict/1763639382
viable/strict/1763646626
viable/strict/1763655997
viable/strict/1763659444
viable/strict/1763660992
viable/strict/1763663201
viable/strict/1763670362
viable/strict/1763675378
viable/strict/1763693343
viable/strict/1763696088
viable/strict/1763697343
viable/strict/1763699165
viable/strict/1763700660
viable/strict/1763704209
viable/strict/1763706411
viable/strict/1763708082
viable/strict/1763711381
viable/strict/1763713593
viable/strict/1763715201
viable/strict/1763733017
viable/strict/1763735108
viable/strict/1763749579
viable/strict/1763751113
viable/strict/1763753035
viable/strict/1763754578
viable/strict/1763756748
viable/strict/1763758205
viable/strict/1763764050
viable/strict/1763771887
viable/strict/1763773920
viable/strict/1763776501
viable/strict/1763779437
viable/strict/1763781038
viable/strict/1763782245
viable/strict/1763785568
viable/strict/1763787006
viable/strict/1763789103
viable/strict/1763790578
viable/strict/1763796275
viable/strict/1763801465
viable/strict/1763803522
viable/strict/1763808581
viable/strict/1763840977
viable/strict/1763846659
viable/strict/1763872065
viable/strict/1763873648
viable/strict/1763875506
viable/strict/1763889904
viable/strict/1763930999
viable/strict/1763944964
viable/strict/1763958474
viable/strict/1763967263
viable/strict/1763972803
viable/strict/1763976376
viable/strict/1763989404
viable/strict/1763990887
viable/strict/1764019919
viable/strict/1764023134
viable/strict/1764024593
viable/strict/1764026706
viable/strict/1764031139
viable/strict/1764033131
viable/strict/1764035725
viable/strict/1764624265
viable/strict/1764631514
viable/strict/1764632987
viable/strict/1764636063
viable/strict/1764643975
viable/strict/1764646859
viable/strict/1764653120
viable/strict/1764654632
viable/strict/1764656821
viable/strict/1764658557
viable/strict/1764660333
viable/strict/1764661812
viable/strict/1764664023
viable/strict/1764669150
viable/strict/1764680709
viable/strict/1764687619
viable/strict/1764696355
viable/strict/1764701767
viable/strict/1764710768
viable/strict/1764716202
viable/strict/1764793566
viable/strict/1764797093
viable/strict/1764800729
viable/strict/1764937665
viable/strict/1764962695
viable/strict/1764969906
viable/strict/1764971377
viable/strict/1764973509
viable/strict/1764974978
viable/strict/1764998711
viable/strict/1765000210
viable/strict/1765002405
viable/strict/1765003961
viable/strict/1765005894
viable/strict/1765009572
viable/strict/1765013112
viable/strict/1765020204
viable/strict/1765026006
viable/strict/1765027592
viable/strict/1765048970
viable/strict/1765056264
viable/strict/1765070093
viable/strict/1765083210
viable/strict/1765092305
viable/strict/1765097458
viable/strict/1765151381
viable/strict/1765162442
viable/strict/1765173081
viable/strict/1765175237
viable/strict/1765187574
viable/strict/1765189571
viable/strict/1765205542
viable/strict/1765209095
viable/strict/1765211217
viable/strict/1765214729
viable/strict/1765220045
viable/strict/1765230582
viable/strict/1765252819
viable/strict/1765254415
viable/strict/1765257937
viable/strict/1765261624
viable/strict/1765263344
viable/strict/1765265541
viable/strict/1765293978
viable/strict/1765297603
viable/strict/1765302657
viable/strict/1765304787
viable/strict/1765306425
viable/strict/1765309785
viable/strict/1765335288
viable/strict/1765338194
viable/strict/1765339408
viable/strict/1765340890
viable/strict/1765342516
viable/strict/1765348042
viable/strict/1765349776
viable/strict/1765355200
viable/strict/1765362384
viable/strict/1765385713
viable/strict/1765391221
v0.*
v0.1.1
v0.1.10
v0.1.11
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v1.*
v1.0.0a0
v1.0rc0
v1.0rc1
v1.1.0a0
v1.2.0a0
v1.3.0a0
v1.4.0a0
v1.8.0-rc1
v2.*
v2.10.0-rc1
v2.10.0-rc2
v2.10.0-rc3
v2.10.0-rc4
v2.10.0-rc5
v2.10.0-rc6