Critical Alert 1 Active Exploit Detected Today

CVE-2026-28318 SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability →
Powered by CVE Watchtower
×
June 7, 2026

CVE Watchtower


← Back to CVE List

CVE-2026-24747NVD

Vulnerability Summary

PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
Severity Level
HIGH(8.8)
Published Date
Jan 27, 2026
Last Modified
Jan 30, 2026
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-94: Code Injection β†—
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended syntax or behavior.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

External References