CVE Catalog

CVE-2026-44484

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.39%

31th percentile — higher than 31% of all known CVEs

Summary

A vulnerability in PyTorch Lightning versions 2.6.2 and 2.6.2 introduces functionality consistent with credential harvesting. An attacker could exploit this flaw to intercept user credentials.

Risk Assessment

The risk involves potential leakage of sensitive credentials, which could lead to unauthorized access to organizational systems and data.

Recommendation

It is recommended to immediately update PyTorch Lightning to the latest available version that addresses this vulnerability. Also review the configuration for any suspicious authentication-related features.

Original NVD description (English source)

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS