Pin lightning==2.6.1 to avoid compromised 2.6.2/2.6.3 #230

Merged
imbgar-roboflow merged 1 commit into develop from security/pin-lightning-2.6.1-cve-ghsa-w37p-236h-pfx3 on May 1, 2026

Conversation

@imbgar-roboflow (Contributor)

Summary

  • Pin lightning to ==2.6.1 (was >=2.4.0) so a fresh install does not resolve to the malicious wheels on PyPI.

Why

Lightning AI advisory GHSA-w37p-236h-pfx3 (published 2026-04-30) confirms that lightning / pytorch-lightning 2.6.2 and 2.6.3 on PyPI were compromised. The wheels include a hidden _runtime/ directory with a start.py downloader and an ~11 MB obfuscated router_runtime.js payload that auto-executes on import lightning, harvests credentials (GitHub/npm/PyPI tokens, cloud creds, env vars, SSH keys), and attempts to commit encoded data back to victim repos. See Socket's writeup: https://socket.dev/blog/lightning-pypi-package-compromised.

2.6.1 (published 2026-01-30) is the last known clean release. The current spec lightning>=2.4.0 is unbounded and would resolve to 2.6.3 on a fresh install — this PR forces resolvers to skip the malicious versions until upstream ships a clean replacement.

Notes

  • Hard pin is intentionally narrow until Lightning AI publishes a confirmed-clean 2.6.4+. Once that lands we can relax to a >= range again.
  • maestro has no lockfile, so no uv lock / poetry lock regeneration is needed — the pyproject.toml change is sufficient.

Test plan

  • Confirm pip install -e . still resolves successfully
  • Confirm CI passes

Lightning AI advisory GHSA-w37p-236h-pfx3 reports the lightning /
pytorch-lightning 2.6.2 and 2.6.3 wheels on PyPI contain a
credential-harvesting payload that auto-executes on import. 2.6.1 is
the last known clean release.

The previous spec 'lightning>=2.4.0' would resolve to 2.6.3 on a fresh
install. Pinning to 2.6.1 forces resolvers to skip the malicious
versions until upstream publishes a clean replacement.

Refs: GHSA-w37p-236h-pfx3
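As an added defender-side example (not code from this PR or from the maestro project): a small Python check that reports whether a requirement spec such as `lightning>=2.4.0` still admits the versions the advisory lists, and inspects an installed `lightning` / `pytorch-lightning` distribution for the `_runtime/start.py` file the PR describes. The spec parser handles only the plain comparison operators (`==`, `!=`, `<`, `<=`, `>`, `>=`), an assumption made for this example.

```python
import re
from importlib import metadata

# Versions named as compromised in GHSA-w37p-236h-pfx3 (taken from the PR text).
COMPROMISED = {"lightning": {"2.6.2", "2.6.3"},
               "pytorch-lightning": {"2.6.2", "2.6.3"}}

_OPS = {"==": lambda a, b: a == b, "!=": lambda a, b: a != b,
        "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b,
        "<": lambda a, b: a < b, ">": lambda a, b: a > b}

def _v(s):
    """Numeric version tuple: '2.6.1' -> (2, 6, 1). Pre-release tags are not handled."""
    return tuple(int(p) for p in s.split("."))

def parse_spec(spec):
    """Split 'lightning>=2.4.0,<3' into (normalized name, [(op, version_tuple), ...])."""
    m = re.match(r"^\s*([A-Za-z0-9_.-]+)\s*(.*)$", spec)
    name, rest = m.group(1).lower().replace("_", "-"), m.group(2)
    clauses = []
    for c in (x.strip() for x in rest.split(",") if x.strip()):
        op, ver = re.match(r"^(==|!=|<=|>=|<|>)\s*([0-9.]+)$", c).groups()
        clauses.append((op, _v(ver)))
    return name, clauses

def spec_allows(spec, version):
    """True if every clause of `spec` admits `version` (an unbounded spec admits all)."""
    _, clauses = parse_spec(spec)
    return all(_OPS[op](_v(version), bound) for op, bound in clauses)

def compromised_versions_allowed(spec):
    """Advisory-listed versions a fresh resolve could still pick under `spec`."""
    name, _ = parse_spec(spec)
    return sorted(v for v in COMPROMISED.get(name, ()) if spec_allows(spec, v))

def check_installed(name):
    """Report the installed version, whether it is a listed bad version, and whether
    the wheel shipped a _runtime/start.py file. Returns None if not installed."""
    try:
        dist = metadata.distribution(name)
    except metadata.PackageNotFoundError:
        return None
    files = dist.files or []
    marker = any(p.name == "start.py" and "_runtime" in p.parts for p in files)
    key = name.lower().replace("_", "-")
    return {"version": dist.version,
            "listed_as_compromised": dist.version in COMPROMISED.get(key, ()),
            "runtime_marker_present": marker}
```

Running `compromised_versions_allowed("lightning>=2.4.0")` reproduces the PR's concern (both bad versions admitted), while the pinned spec returns an empty list; `check_installed("lightning")` is the post-install verification step.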
@CLAassistant commented May 1, 2026

CLA assistant check
All committers have signed the CLA.

@imbgar-roboflow imbgar-roboflow requested a review from yeldarby May 1, 2026 00:11
@imbgar-roboflow imbgar-roboflow merged commit f72d30d into develop May 1, 2026
3 of 4 checks passed