CVE-2026-44484

Summary

PyTorch Lightning is a deep learning framework to pretrain and finetune AI models. Versions 2.6.2 and 2.6.2 have introduced functionality consistent with a credential harvesting mechanism.

Affected Software

VendorProductVersion RangeStatus
Lightning-AIpytorch-lightning2.6.2affected
Lightning-AIpytorch-lightning2.6.3affected

Weaknesses

  • CWE-506: CWE-506: Embedded Malicious Code

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

pytorch-lightning: PyTorch Lightning: Credential harvesting via introduced functionality

Additional References

References