
PyTorch Vendor Cyber Rating & Cyber Score

pytorch.org

An open source machine learning framework that accelerates the path from research prototyping to production deployment. PyTorch is an open source project at the Linux Foundation.


PyTorch A.I CyberSecurity Scoring

Company Information
Website: http://www.pytorch.org
Employees number: 65
Number of followers: 303,903
NAICS: 5417
Industry Type: Research Services
Homepage: pytorch.org
PyTorch Risk Score (AI oriented)
Between 750 and 799
Updated: 04/04/2026
Score: 750/1000
Rating: Fair (Baa)
Rating scale: Aaa, Aa, A, Baa, Ba, B, Caa, Ca, C
Powered by our proprietary A.I cyber incident model

PyTorch: Fair
Current Score: 750 Baa (FAIR)
Scale: 0 to 1000
2 incidents
-5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026: 750 (before incident)
JUNE 2026: 750 (before incident)
MAY 2026: 750 (before incident)
APRIL 2026: 750 (before incident)
MARCH 2026: 749 (before incident)
FEBRUARY 2026: 749 (before incident)
JANUARY 2026: 754 (before incident)
Vulnerability
01 Jan 2026, PyTorch
PyTorch: PyTorch Vulnerability Allows Memory Corruption Leading to Remote Code Execution

Critical PyTorch Vulnerability (CVE-2026-24747) Enables Arbitrary Code Execution via Malicious Model Files

749 (after incident)
CRITICAL, -5
PYT1769705276
A severe vulnerability in PyTorch’s checkpoint loading mechanism has been disclosed, allowing attackers to execute arbitrary code through specially crafted model files. Tracked as CVE-2026-24747 with a CVSS score of 9.8, the flaw affects PyTorch versions 2.9.1 and earlier and poses a high risk to confidentiality, integrity, and availability.

The issue lies in PyTorch’s `weights_only` unpickler, which was designed to safely load model checkpoints by restricting pickle operations. However, inadequate validation of pickle opcodes and storage metadata enables attackers to bypass these protections. By embedding malicious payloads in checkpoint files (`.pth`), adversaries can trigger memory corruption, either by exploiting SETITEM/SETITEMS opcodes on non-dictionary types or by manipulating storage element counts to write beyond intended memory boundaries.

When a victim loads a compromised file using `torch.load()` with `weights_only=True`, the attack executes with the user’s privileges, granting full control over the host system. Exploitation requires user interaction (loading the file) but no privilege escalation, and the attack vector is classified as network-based with low complexity, making it accessible via distributed malicious models or compromised repositories.

PyTorch has patched the vulnerability in version 2.10.0, which enforces stricter validation of pickle operations and metadata. Organizations are advised to upgrade immediately, as no workarounds exist beyond avoiding untrusted checkpoint files. The flaw underscores the risks of unpickling unvalidated model files in machine learning workflows, particularly in production environments. Security teams should audit PyTorch deployments, verify model file integrity, and implement network-level controls to mitigate exposure.
INCIDENT DETAILS
TYPE: Vulnerability Exploitation
IMPACT:
Systems Affected: Host systems running PyTorch versions 2.9.1 and earlier
Operational Impact: Arbitrary code execution with user privileges, full system control
Brand Reputation Impact: High risk to confidentiality, integrity, and availability
DATA BREACH: .pth (PyTorch checkpoint files)
DECEMBER 2025: 753 (before incident)
NOVEMBER 2025: 754 (before incident)
OCTOBER 2025: 753 (before incident)
SEPTEMBER 2025: 753 (before incident)
AUGUST 2025: 753 (before incident)
APRIL 2025: 754 (before incident)
Vulnerability
21 Apr 2025, PyTorch

Critical Vulnerability in PyTorch CVE-2025-32434

752 (after incident)
CRITICAL, -2
PYT500042125
A critical vulnerability in PyTorch, identified as CVE-2025-32434, allows attackers to execute malicious code remotely. The flaw was found in the torch.load function when used with the weights_only=True parameter, which was formerly considered a safe approach for loading models from untrusted sources. This undermines PyTorch's security recommendations, as many organizations and developers had adopted this parameter specifically as a security measure. The vulnerability allows attackers to create harmful model files that, upon loading, can run arbitrary code on the victim's system, leading to potential total system compromise. This is especially dangerous for machine learning pipelines that automatically download and load models from external sources or collaborative environments.
INCIDENT DETAILS
TYPE: Vulnerability Exploitation
MOTIVATION: Malicious Code Execution
IMPACT:
Systems Affected: Machine learning pipelines
Operational Impact: Potential total system compromise
