{"id":"AZL-75588","summary":"CVE-2026-24747 affecting package pytorch for versions less than 2.0.0-14","details":"PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.","modified":"2026-04-21T04:38:58.806292Z","published":"2026-01-27T22:15:56Z","upstream":["CVE-2026-24747"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24747"}],"affected":[{"package":{"name":"pytorch","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/pytorch"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.0-14"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-75588.json"}}],"schema_version":"1.7.5"}