PULSE
LIVE18signals / 24h
FEED
ransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Services
← All CVEs
CVE WatchJul 15, 2026

CVE-2026-24747

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler

CVSS

8.8

High

EPSS

0.7%

p49

KEV

Exploit Today

15

0-100

Published: Jan 27, 2026 · Last modified: Jul 15, 2026 · CWE-94 · CWE-502

EPSS · 30d
0.7%EPSS · 30 days0.7%
2026-06-302026-07-17
Technical description

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.

Official references
Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI
100.0%
KEV80Langflow Missing Authentication Vulnerability3d
CVE-2021-422379.8 CRI
99.9%
KEV80Sitecore XP Remote Command Execution Vulnerability8d
CVE-2026-341978.8 HIG
99.9%
KEV80Apache ActiveMQ Improper Input Validation Vulnerability3d
CVE-2026-456598.8 HIG
86.8%
KEV76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability15d
CVE-2026-154107.2 HIG
71.1%
KEV71SonicWall SMA1000 Appliances Code Injection Vulnerability2d
CVE-2026-586449.8 CRI
70.7%
KEV71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability16h