
PyTorch Vulnerability Allows Local Code Execution

Source: CERT-Bund Security Advisories (wid.cert-bund.de)
Published March 22nd, 2026
Detected March 23rd, 2026

Summary

CERT-Bund has issued a security advisory for PyTorch, detailing a vulnerability that allows local code execution. The advisory affects PyTorch version 2.10.0 on Linux, UNIX, and Windows systems. Mitigation is available.

What changed

CERT-Bund has released security advisory WID-SEC-2026-0813 concerning a vulnerability in PyTorch version 2.10.0. The vulnerability is rated medium (CVSS Base Score 5.3, CVSS Temporal Score 4.8) and allows a local attacker to execute arbitrary program code on affected systems, including Linux, UNIX, and Windows. The advisory lists it as not remotely exploitable.

Organizations utilizing PyTorch, particularly in deep learning environments, should review the advisory and implement available mitigations to prevent unauthorized code execution. The advisory indicates that mitigation is available, and affected parties should consult the provided links for specific guidance and version history. This is a non-binding advisory from a national cybersecurity agency.

What to do next

  1. Review CERT-Bund advisory WID-SEC-2026-0813 for PyTorch vulnerability details
  2. Implement available mitigations for PyTorch version 2.10.0
  3. Assess impact on systems running PyTorch on Linux, UNIX, and Windows

Source document (simplified)

[WID-SEC-2026-0813] PyTorch: Vulnerability allows code execution

  • CVSS Base Score: 5.3 (medium)
  • CVSS Temporal Score: 4.8 (medium)
  • Remote attack: no
  • Date: 22.03.2026
  • Last updated: 23.03.2026
  • Mitigation: yes

Affected systems

Operating system

  • Linux
  • Other
  • UNIX
  • Windows

Product description

PyTorch is a tensor library for deep learning using GPUs and CPUs.

Products

22.03.2026
- Open Source PyTorch 2.10.0

Attack

A local attacker can exploit a vulnerability in PyTorch to execute arbitrary program code.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

  • Agency: CERT-Bund
  • Published: March 22nd, 2026
  • Instrument: Notice
  • Legal weight: Non-binding
  • Stage: Final
  • Change scope: Substantive
  • Document ID: WID-SEC-2026-0813

Who this affects

  • Applies to: Technology companies
  • Industry sector: 5112 Software & Technology
  • Activity scope: Software Development, Code Execution
  • Geographic scope: Germany (DE)

Taxonomy

  • Primary area: Cybersecurity
  • Operational domain: IT Security
  • Compliance frameworks: NIST CSF
  • Topics: Software Vulnerabilities, Deep Learning
