Skip to main content

NVIDIA NeMo Framework CVE-2026-24228

| EUVD-2026-37130 HIGH
Deserialization of Untrusted Data (CWE-502)
2026-06-16 nvidia GHSA-j4c5-f359-2237
Nvidia Deserialization Information Disclosure RCE Nemo Framework
7.8
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local host access and an existing low-privileged account are needed to plant the malicious artifact (AV:L, PR:L); deserialization yields full code execution under the loading user, so C/I/A all High.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 16, 2026 - 17:18 vuln.today
CVE Published
Jun 16, 2026 - 16:09 cve.org
HIGH 7.8

DescriptionCVE.org

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.

AnalysisAI

Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local account on NeMo host
Delivery
Plant malicious serialized checkpoint or config in NeMo-read path
Exploit
Victim NeMo process loads artifact
Execution
Unsafe deserialization triggers embedded gadget
Persist
Arbitrary code executes as victim user
Impact
Escalate privileges and exfiltrate model data or credentials
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Attacker must already have local low-privileged access (CVSS PR:L, AV:L) to a Linux host running NVIDIA NeMo Framework, and must be able to place a crafted serialized artifact - model checkpoint, cached object, or configuration file - in a filesystem location that the NeMo Framework subsequently deserializes during model loading, training start-up, or experiment configuration. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H scores 7.8 (High): impact is full CIA compromise but the attack vector is local and requires some pre-existing low-privileged access, which materially limits opportunistic exploitation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario On a shared GPU training host, a low-privileged researcher uploads a malicious model checkpoint or YAML/pickle config into a path that another user's NeMo training job, or a service-account pipeline, subsequently loads. When NeMo deserializes the crafted artifact the embedded gadget executes arbitrary code under the victim account, giving the attacker that user's data, credentials, and any group privileges - including potential root if a privileged operator account loads the artifact. …
Remediation Patch available per vendor advisory - upgrade NVIDIA NeMo Framework to the fixed version listed in NVIDIA security bulletin 5839 at https://nvidia.custhelp.com/app/answers/detail/a_id/5839 (the exact fix version was not included in the supplied input and should be read directly from that advisory before deployment). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all NeMo Framework deployments and identify systems accessible to low-privileged users. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-24155 HIGH
7.8 Jun 16

Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to ex

Share

CVE-2026-24228 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy