CVE-2026-44484
CRITICAL
Compromise of PyTorch Lightning PyPI Package Versions
Title source: cna
Description
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.
References (1)
x_refsource_confirm
https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3
Scores
CVSS v3: 9.8
EPSS: 0.0006
EPSS Percentile: 19.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-506
Status: published
Products (5)
Lightning-AI/pytorch-lightning 2.6.2
Lightning-AI/pytorch-lightning 2.6.3
lightningai/pytorch_lightning 2.6.2
lightningai/pytorch_lightning 2.6.3
pypi/pytorch-lightning PyPI
Published: May 14, 2026
Tracked Since: May 14, 2026