CNNVD-202601-4459 Information

CNNVD ID

CNNVD-202601-4459

Related CVE

CVE-2026-24747

• CNNVD Published: 2026-01-27

Description (Chinese)

PyTorch是PyTorch开源的一个 Python 包。 PyTorch 2.10.0之前版本存在代码问题漏洞，该漏洞源于weights_only反序列化器存在缺陷，可能导致内存损坏和任意代码执行。

Description (English)

PyTorch is a Python package for PyTorch open source. Prior to PyTorch 2.10.0, there was a code problem loophole, which arose from defects in the anti-serializers, which could lead to memory damage and arbitrary code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

PyTorch

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139 https://github.com/pytorch/pytorch/issues/163105 https://github.com/pytorch/pytorch/releases/tag/v2.10.0 https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p

Patch

https://github.com/pytorch/pytorch/releases