REPRO-2026-00119 HIGH RCE
Verified
PyTorch: weights_only Unpickler RCE via SETITEM Type Confusion
torch (pip) Mar 2, 2026
What's the vulnerability?
PyTorch weights_only Unpickler RCE - Command Execution via setitem on Malicious Checkpoint
Root Cause Analysis
Variant Analysis
Bypass and alternate trigger exploration (if present).
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00119
or
pruva-verify GHSA-63cw-57p8-fm3p
or
pruva-verify CVE-2026-24747
Install:
curl -fsSL https://pruva.dev/install.sh | sh
Or Run Manually
1. Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00119/artifacts/repro/reproduction_steps.sh
2. Make executable
chmod +x reproduction_steps.sh
3. Run the script
./reproduction_steps.sh
Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Watch the AI agent's step-by-step process.
Artifacts
repro/rca_report.md (7.8 KB)
repro/reproduction_steps.sh (9.0 KB)
vuln_variant/rca_report.md (10.3 KB)
vuln_variant/reproduction_steps.sh (10.1 KB)
coding/proposed_fix.diff (3.6 KB)
bundle/AGENTS.repro.md (1.5 KB)
bundle/ticket.md (3.5 KB)
vuln_variant/patch_analysis.md (5.5 KB)
vuln_variant/create_exploit.py (6.5 KB)
logs/variant_run2.log (5.1 KB)
logs/variant_run1.log (5.1 KB)
logs/variant_vuln.log (1.8 KB)
logs/variant_fixed.log (1.8 KB)
coding/verify_fix.sh (9.1 KB)
coding/summary_report.md (6.3 KB)