CVE-2026-4538

LOW EPSS 14.9%
Published Mar 22, 2026 · Modified Jun 17, 2026
1.9 CVSS 4.0
Low

Description

A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.

CVSS Details

Base Score: 1.9
Vector string: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability: 14.9% percentile
Exploit & Patch Status: No Known Exploit, Patch Available

Weaknesses 2

CWE-20 Improper Input Validation Validation
CWE-502 Deserialization of Untrusted Data Validation

Affected Products 1

Vendor | Product | Version | Range
linuxfoundation | pytorch | 2.10.0 | any

References 5

  • github.com https://github.com/pytorch/pytorch/
    Product
  • github.com https://github.com/pytorch/pytorch/pull/176791
    Issue Tracking, Patch
  • vuldb.com https://vuldb.com/?ctiid.352326
    Permissions Required, VDB Entry
  • vuldb.com https://vuldb.com/?id.352326
    Third Party Advisory, VDB Entry
  • vuldb.com https://vuldb.com/?submit.774681
    Third Party Advisory, VDB Entry

Remediation

  • github.com https://github.com/pytorch/pytorch/pull/176791
    Issue Tracking, Patch