Skip to main content

Megatron Bridge CVE-2025-33239

HIGH
Code Injection (CWE-94)
2026-02-18 psirt@nvidia.com
7.8
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (nvidia) · only source for this CVE.

CVSS VectorVendor: nvidia

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 18, 2026 - 14:16 nvd
HIGH 7.8

DescriptionCVE.org

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

AnalysisAI

NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Technical ContextAI

Classified as CWE-94 (Code Injection). Affects Megatron-Bridge. NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2026-24248 HIGH
7.8 Jul 01

Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), al

CVE-2026-24243 HIGH
7.8 Jul 01

Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserializa

CVE-2026-24247 HIGH
7.8 Jul 01

Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialize

CVE-2026-24246 HIGH
7.8 Jul 01

Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-co

CVE-2026-24240 HIGH
7.8 Jul 01

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, pr

CVE-2026-24249 HIGH
7.8 Jul 01

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve

CVE-2026-24251 HIGH
7.8 Jul 01

Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamicall

CVE-2026-24250 HIGH
7.8 Jul 01

Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of a

CVE-2026-24245 HIGH
7.8 Jul 01

Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-5

CVE-2026-24244 HIGH
7.8 Jul 01

Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization

CVE-2026-24242 HIGH
7.8 Jul 01

Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing a

CVE-2025-33240 HIGH
7.8 Feb 18

NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code i

Share

CVE-2025-33239 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy