Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local attacker with low-privileged shell on a NeMo host supplies a crafted artifact NeMo evaluates, yielding code execution with full CIA impact under the NeMo process; no UI or scope change.
Primary rating from Vendor (nvidia).
CVSS Vector (Vendor: nvidia)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Analysis (AI)
Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact on confidentiality, integrity, and availability; no public exploit had been identified at the time of analysis, and the issue is not listed in CISA KEV.
Attack Chain (AI-derived)
Hypothetical attack flow derived from CVE metadata
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Attacker must already have local, low-privileged access (CVSS AV:L/PR:L) on a system where NVIDIA NeMo Framework is installed and executed, and must be able to supply or modify an input that NeMo subsequently processes, typically a configuration file, training recipe, or model artifact ingested by a NeMo pipeline. … |
| Risk Assessment | The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H frames this as a local, low-complexity, low-privileged attack with no user interaction and high impact on all three CIA properties, consistent with a malicious artifact (model checkpoint, config, or recipe) processed by a NeMo workflow on a shared GPU host. … |
| Exploit Scenario | An attacker with low-privileged access to a shared GPU/ML host (for example a data scientist account on a research cluster, or a CI runner that ingests externally sourced model artifacts) supplies a crafted configuration file, recipe, or model checkpoint that NeMo Framework parses and evaluates, triggering arbitrary code execution under the NeMo process identity. The attacker then pivots from their low-privileged context toward the service account running NeMo, harvesting model weights, dataset credentials, and cloud tokens, and tampering with downstream model outputs. … |
| Remediation | Patch available per vendor advisory: consult the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5839 for the exact fixed NeMo Framework version and upgrade all training, fine-tuning, and inference environments accordingly; monitor the NVD record at https://nvd.nist.gov/vuln/detail/CVE-2026-24155 for additional CPE/version metadata. … |
Recommended Action (AI)
Within 24 hours: Inventory all NVIDIA NeMo Framework deployments across production and development environments; categorize by data sensitivity and assess current privilege levels of service accounts running NeMo. …
Related advisory identifiers: EUVD-2026-37129, GHSA-xp23-6mrm-wqh3