# PoC: Arbitrary Code Execution via torch.export.load()
This is a security research PoC. The payload is benign (creates a marker file).
## Vulnerability

When loading a `.pt2` model file, `torch.export.load()` silently falls back to `weights_only=False`, so a crafted archive can execute arbitrary code through pickle deserialization.
## Reproduction

```python
# WARNING: This demonstrates code execution. The payload is benign.
import torch

ep = torch.export.load("malicious_export.pt2")
# Check: /tmp/pytorch_export_ace_poc was created
```

Or use the full PoC script:

```shell
python poc_torchexport_ace.py
```
## Affected
- PyTorch >= 2.6.0
- Tested on PyTorch 2.10.0
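Until a fixed PyTorch is in use, a defensive pre-load check is to scan a `.pt2` archive for pickle streams that would import anything outside an allowlist, without unpickling them. The following is an added example, not code from this PoC; it assumes only that a `.pt2` file is a zip whose members (or nested zips, such as `torch.save` blobs) may contain pickle streams, and the `SAFE_MODULES` allowlist, the sample archive and the `fractions.Fraction` stand-in for an unexpected import are constructed for illustration.

```python
import io
import pickle
import pickletools
import zipfile
from fractions import Fraction
# Assumption: modules a model/state-dict pickle legitimately needs; anything else is reported.
SAFE_MODULES = {"torch", "collections", "numpy"}

def globals_in_pickle(data: bytes) -> list[str]:
    """Every 'module.name' the stream would import, found by walking opcodes only."""
    found, strs, memo = [], [], {}  # strs/memo approximate the unpickler's string stack
    try:
        for op, arg, _ in pickletools.genops(data):
            if op.name.endswith(("STRING", "UNICODE")):  # any str push
                strs.append(arg)
            elif op.name in ("MEMOIZE", "BINPUT", "LONG_BINPUT", "PUT"):
                memo[len(memo) if op.name == "MEMOIZE" else arg] = strs[-1] if strs else None
            elif op.name in ("BINGET", "LONG_BINGET", "GET"):
                strs.append(memo.get(arg))
            elif op.name == "GLOBAL":        # protocol <= 3: arg is "module name"
                found.append(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":  # protocol >= 4: module and name were pushed as strings
                found.append(f"{strs[-2]}.{strs[-1]}")
    except Exception:  # not a pickle stream, or truncated: keep what was seen so far
        pass
    return found

def scan_archive(src) -> dict[str, list[str]]:
    """Map each member (recursing into nested zips such as torch.save blobs) to flagged globals."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(src) if isinstance(src, bytes) else src) as zf:
        for name in zf.namelist():
            blob = zf.read(name)
            if zipfile.is_zipfile(io.BytesIO(blob)):
                findings.update({f"{name}/{k}": v for k, v in scan_archive(blob).items()})
                continue
            bad = [g for g in globals_in_pickle(blob) if g.split(".", 1)[0] not in SAFE_MODULES]
            if bad:
                findings[name] = bad
    return findings

def build_sample_archive() -> bytes:
    """Constructed .pt2-style zip: clean pickle, text member, and two Fraction pickles (proto 2 and 4)."""
    def zipped(members):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            [zf.writestr(n, b) for n, b in members.items()]
        return buf.getvalue()
    return zipped({"version": b"1\n", "clean.pkl": pickle.dumps({"a": 1}, protocol=4),
                   "constants.pkl": pickle.dumps(Fraction(1, 2), protocol=4),
                   "weights.pt": zipped({"data.pkl": pickle.dumps(Fraction(1, 2), protocol=2)})})
```

A non-empty result from `scan_archive` is a reason to stop before `torch.export.load()` is ever called; an empty result only means no unexpected import was found by this opcode walk, not that the file is trusted.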