CRITICALCVE-2026-44484Published 2026-05-14Modified 2026-05-15CNA GitHub_M

CVE-2026-44484: Compromise of PyTorch Lightning PyPi Package Versions

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

CVSS v4.0: 9.3
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

Lightning-AI / pytorch-lightning
2.6.2 · 2.6.3

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References

https://github.com/Lightning-AI/pytorch-lightning/security/advisories/GHSA-w37p-236h-pfx3

Metrics