VDB
KO
HIGH 7.5

PYSEC-2026-1857

PyTorch Lightning denial of service vulnerability

Details

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sending an unexpected POST request to the `/api/v1/state` endpoint of `LightningApp`. This issue occurs due to improper handling of unexpected state values, which results in the server shutting down.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pytorch-lightning
Introduced in: 0

No fixed version published yet for pytorch-lightning (pip). Pin to a known-safe version or switch to an alternative.

References