VDB
EN
HIGH 8.8

PYSEC-2026-1856

PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files

상세

### Summary

A vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution.

### Vulnerability Details

The `weights_only=True` unpickler failed to properly validate pickle opcodes and storage metadata, allowing:

1. **Heap memory corruption** via `SETITEM`/`SETITEMS` opcodes applied to non-dictionary types 2. **Storage size mismatch** between declared element count and actual data in the archive

### Impact

An attacker who can convince a user to load a malicious checkpoint file may achieve arbitrary code execution in the context of the victim's process.

# Credit Ji'an Zhou

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pytorch
최초 영향 버전: 0 수정 버전: 2.10.0
수정 pip install --upgrade 'pytorch>=2.10.0'

참고