CVE-2026-44484
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk31th percentile — higher than 31% of all known CVEs
Summary
A vulnerability in PyTorch Lightning versions 2.6.2 and 2.6.2 introduces functionality consistent with credential harvesting. An attacker could exploit this flaw to intercept user credentials.
Risk Assessment
The risk involves potential leakage of sensitive credentials, which could lead to unauthorized access to organizational systems and data.
Recommendation
It is recommended to immediately update PyTorch Lightning to the latest available version that addresses this vulnerability. Also review the configuration for any suspicious authentication-related features.
Original NVD description (English source)
PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

