
NVIDIA NemoClaw CVE-2026-24231

EUVD-2026-26080 | MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-04-28 | nvidia
CVSS 3.1: 6.3

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline (4 events)

Apr 28, 2026 - 20:06: Analysis Generated (vuln.today)
Apr 28, 2026 - 19:30: EUVD ID Assigned (euvd), EUVD-2026-26080
Apr 28, 2026 - 19:30: Analysis Generated (vuln.today)
Apr 28, 2026 - 17:46: CVE Published (nvd), MEDIUM 6.3

Description (NVD)

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure.

Analysis (AI)

Server-side request forgery in NVIDIA NemoClaw's validateEndpointUrl() function allows local attackers with user interaction to supply crafted endpoint URLs targeting the 0.0.0.0/8 address range via blueprint configuration files or CLI flags, leading to information disclosure. The vulnerability affects all versions of NemoClaw and requires local access with user interaction to trigger, limiting exposure to systems where untrusted users can modify configuration or invoke CLI commands.
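
An added example, not NemoClaw's code or anything published by NVIDIA: a hypothetical IPv4 denylist check showing how a validator that lists loopback and private ranges but omits 0.0.0.0/8 accepts an endpoint that the corrected list rejects. The function names, both denylists and the sample URLs are assumptions constructed for illustration.

```javascript
// Hypothetical validator (assumption), not NemoClaw's validateEndpointUrl().
// Each denylist entry is [CIDR base address, prefix length].
const WEAK_DENYLIST = [            // constructed: omits 0.0.0.0/8
  ['10.0.0.0', 8], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];
const HARDENED_DENYLIST = [['0.0.0.0', 8], ...WEAK_DENYLIST];

// Convert a canonical dotted-quad string to an unsigned 32-bit integer, or null.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return ((octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]) >>> 0;
}

// True when addr (uint32) falls inside base/prefix.
function inCidr(addr, base, prefix) {
  const mask = prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0;
  return ((addr & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Returns { ok, reason }. The WHATWG URL parser canonicalizes an IPv4 host to
// dotted-quad form, so the range check runs on the parsed hostname, not the raw string.
function checkEndpoint(urlString, denylist) {
  let url;
  try { url = new URL(urlString); } catch { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // IPv6 literals are rejected outright to keep this example to IPv4.
  if (url.hostname.startsWith('[')) return { ok: false, reason: 'ipv6-not-handled' };
  const addr = ipv4ToInt(url.hostname);
  // A DNS name: every address it resolves to must pass the same range check before connecting.
  if (addr === null) return { ok: true, reason: 'hostname' };
  const hit = denylist.find(([base, prefix]) => inCidr(addr, base, prefix));
  return hit ? { ok: false, reason: `${hit[0]}/${hit[1]}` } : { ok: true, reason: 'public-ipv4' };
}

// Constructed sample endpoint, evaluated against both lists.
console.log(checkEndpoint('http://0.0.0.0:8080/v1', WEAK_DENYLIST));
console.log(checkEndpoint('http://0.0.0.0:8080/v1', HARDENED_DENYLIST));
```

The same check has to be applied to whatever value finally reaches the HTTP client, whether it came from a blueprint configuration file or a CLI flag.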
