Product
A remote code execution vulnerability, CVE-2026-58659, exists in PyTorch Lightning through version 2.6.5, allowing attackers to craft malicious checkpoint files that execute arbitrary code by exploiting a flaw in the `_load_state` function when `LightningModule.load_from_checkpoint` is called.