
NVIDIA NVTabular CVE-2026-24237

EUVD-2026-33985 · HIGH
Deserialization of Untrusted Data (CWE-502)
2026-06-02 nvidia GHSA-g694-w46x-9wjv
7.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1. Analysis generated: Jun 02, 2026, 17:31 (vuln.today)

Description (CVE.org)

NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Analysis (AI)

Insecure deserialization of untrusted data in NVIDIA NVTabular lets a low-privileged local attacker achieve arbitrary code execution, data tampering, and information disclosure on the host running the library, in the context of whatever process loads the malicious artifact. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all rated High; no public exploit had been identified at the time of analysis. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  • Access: obtain a low-privileged shell on the ML host
  • Delivery: plant a malicious pickled NVTabular artifact
  • Exploit: the victim job invokes the deserializer
  • Execution: a gadget chain executes during load
  • Persist: code runs as the pipeline user
  • Impact: exfiltrate training data and credentials

Vulnerability Assessment (AI)

Exploitation: The attacker requires local access to the host running NVTabular and at least low privileges (CVSS PR:L), typically an account that can write to a directory from which NVTabular loads serialized workflow, schema, or preprocessing objects, or the ability to substitute a dataset or model artifact that a higher-privileged training job will deserialize. … Additional conditions and limiting factors are described in the full assessment.

Risk Assessment: The CVSS vector AV:L/AC:L/PR:L/UI:N indicates a local attack vector with low privileges and no user interaction, which is consistent with a deserialization sink that fires when NVTabular loads an attacker-supplied artifact (workflow, schema, or pickled object) on a shared training host. Because the vulnerable code runs in-process, the payload inherits the full privileges of the loading job rather than those of the attacker. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.

Exploit Scenario: An attacker with a low-privileged account on a shared ML training host (or who can place a file in a path the training pipeline reads) crafts a malicious pickled NVTabular workflow or preprocessing artifact whose __reduce__ method returns an arbitrary callable and arguments. When a data scientist or scheduled job invokes the standard NVTabular load routine against the artifact, the deserializer invokes that callable in-process before any application-level validation can run, yielding code execution as the pipeline user and access to any training data, credentials, or GPU resources that account can reach. …

Remediation: A patch is available per the vendor advisory. Upgrade NVTabular to the fixed release identified in NVIDIA security bulletin a_id 5851 (https://nvidia.custhelp.com/app/answers/detail/a_id/5851); the fixed version is not stated on this page, so take it from the bulletin rather than assuming one. … Detailed patch versions, workarounds, and compensating controls in full report.
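The scenario above is the generic Python pickle problem: the stream itself can name any importable callable and the unpickler will call it. The following is an added example written for this page, not NVTabular's own serializer, artifact format, or patched loader (none of which are shown here). It constructs a harmless gadget artifact, shows that a plain pickle.loads executes the attacker's expression inside the loading process, and then shows two checks a practitioner would want on a shared training host: a pre-load audit that lists every global the stream would import without executing anything, and a restricted unpickler that refuses everything outside an allowlist. The allowlist contents and the "benign workflow" dictionary are assumptions made for illustration.

```python
import io
import os
import pickle
import pickletools

# Added example: a generic pickle gadget plus two defensive checks. It does not
# reproduce NVTabular's real artifact format, its loader, or the fixed version.

class MaliciousArtifact:
    """Attacker-side object. Its __reduce__ tells the unpickler to call
    builtins.eval on an attacker-chosen expression instead of rebuilding the
    object, so the pickle stream never references this class at all: the
    victim needs nothing installed beyond the standard library."""
    def __reduce__(self):
        # Harmless stand-in for os.system(...): returns the loader's own PID,
        # which proves the expression ran inside the loading process.
        return (eval, ("__import__('os').getpid()",))

def build_malicious_artifact() -> bytes:
    """What an attacker drops into a directory the pipeline later loads from."""
    return pickle.dumps(MaliciousArtifact())

def build_benign_artifact() -> bytes:
    """Constructed stand-in for a legitimate serialized workflow: plain data only."""
    return pickle.dumps({"columns": ["user_id", "item_id"], "ops": ["Categorify"], "version": 1})

def unsafe_load(blob: bytes):
    """The vulnerable pattern: pickle.loads on bytes the caller did not produce."""
    return pickle.loads(blob)

def loader_pid() -> int:
    """PID of the process doing the loading, for comparison with the payload's result."""
    return os.getpid()

def referenced_globals(blob: bytes) -> set:
    """Pre-load audit: every module.name the stream would import, found by
    walking opcodes with pickletools.genops, which parses but never executes."""
    found, strings = set(), []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in ("GLOBAL", "INST"):
            found.add(arg.replace(" ", ".", 1))          # arg is "module name"
        elif op.name == "STACK_GLOBAL":
            found.add(f"{strings[-2]}.{strings[-1]}")    # module, name pushed just before
        elif isinstance(arg, str):
            strings.append(arg)
    return found

# Assumed allowlist: the only globals a data-only workflow artifact should need.
SAFE_GLOBALS = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Resolves only allowlisted globals; anything else is refused before it is called."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name} from untrusted artifact")

def safe_loads(blob: bytes):
    """Load an artifact through the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(blob)).load()

def rejects(blob: bytes) -> bool:
    """True if the restricted loader refuses the artifact."""
    try:
        safe_loads(blob)
    except pickle.UnpicklingError:
        return True
    return False

if __name__ == "__main__":
    evil, good = build_malicious_artifact(), build_benign_artifact()
    print("globals referenced by malicious artifact:", referenced_globals(evil))
    print("unsafe_load evaluated attacker expression in pid", unsafe_load(evil), "== ours", loader_pid())
    print("restricted loader rejects malicious artifact:", rejects(evil))
    print("restricted loader accepts benign artifact:", safe_loads(good))
```

referenced_globals is the check to run over artifact directories during the initial audit: any workflow file that names builtins.eval, os.system, subprocess.* or similar is worth isolating before any job touches it. The restricted unpickler is a compensating control only; it cannot make pickle safe in general (an allowlisted callable can still be abused if it has side effects), so the real fix remains upgrading to the release in the NVIDIA bulletin and keeping artifact paths unwritable by other local users.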

Recommended Action (AI)

24 hours: Identify all systems running NVTabular and restrict local access to essential personnel only; audit recent system activity logs for suspicious processes or file access. …



CVE-2026-24237 vulnerability details – vuln.today