Fabre

#1136002 pytorch: CVE-2026-4538 #1136002

Package:: src:pytorch

Source:: src:pytorch

Submitter:: Moritz Mühlenhoff

Date:: 2026-05-08 13:17:02 UTC

Severity:: normal

Tags:

#1136002#5

Date:: 2026-05-08 13:13:26 UTC

From:

To:

Hi,

The following vulnerability was published for pytorch.

CVE-2026-4538[0]:
| A vulnerability was identified in PyTorch 2.10.0. The affected
| element is an unknown function of the component pt2 Loading Handler.
| The manipulation leads to deserialization. The attack can only be
| performed from a local environment. The exploit is publicly
| available and might be used. The project was informed of the problem
| early through a pull request but has not reacted yet.

https://github.com/pytorch/pytorch/pull/176791


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-4538
https://www.cve.org/CVERecord?id=CVE-2026-4538

Please adjust the affected versions in the BTS as needed.

#1136002 pytorch: CVE-2026-4538 #1136002

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)