CVE-2026-4538

ADVISORY - nist

Summary

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

EPSS Score⁠: 0.00023 (0.065)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

CWE-502⁠

Deserialization of Untrusted Data

ADVISORY - redhat

CWE-502⁠

Deserialization of Untrusted Data

Impacted images

Advisories

NIST

CREATED

2 months ago

UPDATED

21 days ago

ADVISORY IDCVE-2026-4538⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-20⁠CWE-502⁠

CVSS SCORE

1.9low

Debian

CREATED

2 months ago

UPDATED

12 days ago

ADVISORY IDCVE-2026-4538⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

2 months ago

UPDATED

18 days ago

ADVISORY IDCVE-2026-4538⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8medium

PypA

CREATED

2 months ago

UPDATED

16 hours ago

ADVISORY ID

PYSEC-2026-139

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8high

Bitnami

CREATED

21 days ago

UPDATED

21 days ago

ADVISORY ID

BIT-pytorch-2026-4538

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

1.9low

Red Hat

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2026-4538⁠

EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-502⁠

CVSS SCORE

5.3medium