DEBIAN-CVE-2026-4538

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-4538

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4538.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-4538

Upstream

CVE-2026-4538

Published

2026-03-22T05:16:20.273Z

Modified

2026-03-30T15:01:18.184443Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

References

https://security-tracker.debian.org/tracker/CVE-2026-4538

Affected packages

Debian:11 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.1-7

1.7.1-7+deb11u1

1.8.1-1

1.8.1-2

1.8.1-3

1.8.1-4

1.8.1-5

1.12.0~rc1-1

1.12.0-1

1.12.1-1

1.13.1+dfsg-1

1.13.1+dfsg-2

1.13.1+dfsg-3

1.13.1+dfsg-4

1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1

2.0.1+dfsg-1

2.0.1+dfsg-2

2.0.1+dfsg-4

2.0.1+dfsg-5

2.1.2+dfsg-1

2.1.2+dfsg-2

2.1.2+dfsg-4

2.4.1-1

2.4.1-3

2.4.1-4

2.5.0+dfsg-1

2.5.1+dfsg-1

2.5.1+dfsg-3

2.5.1+dfsg-4

2.6.0~rc9+dfsg-1~exp1

2.6.0+dfsg-1~exp1

2.6.0+dfsg-1

2.6.0+dfsg-2

2.6.0+dfsg-3

2.6.0+dfsg-4

2.6.0+dfsg-5

2.6.0+dfsg-7

2.6.0+dfsg-8

2.6.0+dfsg-9

2.9.0+dfsg-1~exp1

2.9.0+dfsg-1~exp2

2.9.1+dfsg-1~exp1

2.9.1+dfsg-1~exp2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4538.json"

Debian:12 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.13.1+dfsg-4

1.13.1+dfsg-5

2.*

2.0.1+dfsg-1~exp1

2.0.1+dfsg-1

2.0.1+dfsg-2

2.0.1+dfsg-4

2.0.1+dfsg-5

2.1.2+dfsg-1

2.1.2+dfsg-2

2.1.2+dfsg-4

2.4.1-1

2.4.1-3

2.4.1-4

2.5.0+dfsg-1

2.5.1+dfsg-1

2.5.1+dfsg-3

2.5.1+dfsg-4

2.6.0~rc9+dfsg-1~exp1

2.6.0+dfsg-1~exp1

2.6.0+dfsg-1

2.6.0+dfsg-2

2.6.0+dfsg-3

2.6.0+dfsg-4

2.6.0+dfsg-5

2.6.0+dfsg-7

2.6.0+dfsg-8

2.6.0+dfsg-9

2.9.0+dfsg-1~exp1

2.9.0+dfsg-1~exp2

2.9.1+dfsg-1~exp1

2.9.1+dfsg-1~exp2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4538.json"

Debian:13 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.0+dfsg-7

2.6.0+dfsg-8

2.6.0+dfsg-9

2.9.0+dfsg-1~exp1

2.9.0+dfsg-1~exp2

2.9.1+dfsg-1~exp1

2.9.1+dfsg-1~exp2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4538.json"

Debian:14 / pytorch

Package

Name: pytorch
Purl: pkg:deb/debian/pytorch?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.0+dfsg-7

2.6.0+dfsg-8

2.6.0+dfsg-9

2.9.0+dfsg-1~exp1

2.9.0+dfsg-1~exp2

2.9.1+dfsg-1~exp1

2.9.1+dfsg-1~exp2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-4538.json"