CVE-2026-4538

PYSEC-2026-139 · BIT-pytorch-2026-4538 · CVE-2026-4538

Published Mar 22, 2026 · Modified May 21, 2026

Description

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

References

WEB https://github.com/pytorch/pytorch/
ADVISORY https://vuldb.com/?id.352326
ADVISORY https://vuldb.com/?submit.774681
REPORT https://vuldb.com/?ctiid.352326
FIX https://github.com/pytorch/pytorch/pull/176791

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes