{"id":"AZL-75293","summary":"CVE-2026-24747 affecting package pytorch for versions less than 2.2.2-11","details":"PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue upstream; for the Azure Linux 3 `pytorch` package, the fix is in 2.2.2-11.","modified":"2026-04-21T04:38:53.975523Z","published":"2026-01-27T22:15:56Z","upstream":["CVE-2026-24747"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24747"}],"affected":[{"package":{"name":"pytorch","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/pytorch"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.2-11"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75293.json"}}],"schema_version":"1.7.5"}