PyTorch Arbitrary Code Execution Vulnerability via Malicious Checkpoint Files

Vulnerability

A vulnerability allowing arbitrary code execution has been identified in PyTorch versions prior to 2.10.0. The issue arises in the 'weights_only' unpickler, which fails to properly validate pickle opcodes and storage metadata. This flaw enables attackers to craft malicious checkpoint files (.pth) that, when loaded with 'torch.load(..., weights_only=True)', can corrupt memory and execute arbitrary code in the context of the user's process.

Impact

Exploitation of this vulnerability can lead to arbitrary code execution on the victim's machine.

Reproduction

The vulnerability can be reproduced by creating a malicious checkpoint file that exploits the unpickler's lack of validation. This crafted file can then be loaded using 'torch.load' with the 'weights_only' parameter set to True, which will trigger the memory corruption and potential code execution.

Remediation

Users should upgrade to PyTorch version 2.10.0 or later, where this vulnerability has been fixed.
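The following is an added example for the remediation step above; it is not code from the advisory or from the PyTorch project. It gates checkpoint loading on the installed PyTorch version, treating 2.10.0 as the first fixed release as stated here. Version strings are parsed with a small stdlib-only parser because `torch.__version__` commonly carries local labels such as `+cu121` and nightly builds carry `a0`/`.dev` tags; the choice to treat any pre-release or nightly build as unverified (and therefore refuse the load) is a conservative assumption of this example, not a statement from the advisory.

```python
import re

# First release the advisory names as fixed.
FIXED_VERSION = (2, 10, 0)

# Matches strings like "2.9.1+cpu", "2.10.0", "2.10.0a0+git1234", "2.11.0.dev20260101".
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?"  # release segment
    r"(?P<pre>(?:a|b|rc|\.dev)\d*)?"                         # optional pre-release / nightly tag
    r"(?:\+.*)?$"                                            # optional local label, e.g. +cu121
)


def parse_torch_version(version: str):
    """Return ((major, minor, patch), is_prerelease) for a torch.__version__ string.

    Raises ValueError when the string does not look like a PyTorch version.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = (int(m["major"]), int(m["minor"]), int(m["patch"] or 0))
    return release, m["pre"] is not None


def is_fixed_version(version: str) -> bool:
    """True only for a final release at or above FIXED_VERSION.

    Pre-release and nightly builds are deliberately reported as not fixed
    (assumption of this example): whether a given nightly contains the fix
    cannot be decided from the version string alone.
    """
    release, prerelease = parse_torch_version(version)
    if prerelease:
        return False
    return release >= FIXED_VERSION


def require_fixed_torch(version: str) -> None:
    """Raise RuntimeError unless `version` is a fixed release; call before torch.load."""
    if not is_fixed_version(version):
        raise RuntimeError(
            f"PyTorch {version} is affected by the weights_only unpickler issue; "
            f"upgrade to {'.'.join(map(str, FIXED_VERSION))} or later before loading "
            "checkpoints from untrusted sources"
        )


if __name__ == "__main__":
    # Stand-alone run: check the interpreter's own torch, if installed.
    try:
        import torch  # noqa: F401  (hypothetical: only used when PyTorch is present)
        require_fixed_torch(torch.__version__)
        print(f"torch {torch.__version__}: fixed release, torch.load may proceed")
    except ImportError:
        # Constructed sample strings, used when PyTorch is not installed.
        for sample in ("2.9.1+cpu", "2.10.0", "2.10.0a0+git1234"):
            print(sample, "->", "fixed" if is_fixed_version(sample) else "NOT fixed")
```

Place `require_fixed_torch(torch.__version__)` ahead of any `torch.load(..., weights_only=True)` call on data that did not originate in your own pipeline; the `weights_only` flag alone is not a sufficient trust boundary on affected versions.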

Added: Jan 27, 2026, 10:25 PM
Updated: Jan 27, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 10.0
exploitability: 5.0
remediation: 7.7
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.