{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T13:52:30.258","vulnerabilities":[{"cve":{"id":"CVE-2026-24747","sourceIdentifier":"security-advisories@github.com","published":"2026-01-27T22:15:56.470","lastModified":"2026-01-30T21:51:55.367","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue."},{"lang":"es","value":"PyTorch es un paquete de Python que proporciona computación de tensores. Antes de la versión 2.10.0, una vulnerabilidad en el des-serializador 'weights_only' de PyTorch permite a un atacante crear un archivo de punto de control malicioso ('.pth') que, cuando se carga con 'torch.load(..., weights_only=True)', puede corromper la memoria y potencialmente conducir a ejecución de código arbitrario. La versión 2.10.0 corrige el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"},{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:*","versionEndExcluding":"2.10.0","matchCriteriaId":"A0FD31BC-C8CC-47C0-B39B-CD8BFDFE8F97"}]}]}],"references":[{"url":"https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139","source":"security-advisories@github.com","tags":["Broken Link"]},{"url":"https://github.com/pytorch/pytorch/issues/163105","source":"security-advisories@github.com","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/pytorch/pytorch/releases/tag/v2.10.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}