Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local delivery of a malicious artifact with no auth (AV:L, PR:N) but a victim must load it (UI:R); deserialization yields full code execution, so C/I/A all High.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Articles & Coverage 1
AnalysisAI
Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization of untrusted data, allowing a local attacker who convinces a user to load a malicious serialized object to run code, tamper with data, and disclose information. NVIDIA (the reporting vendor) rates it 7.8 (High); the CVSS vector requires local access and user interaction, so exploitation is not remote-unauthenticated. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local delivery of a malicious serialized artifact (model checkpoint, configuration, or other pickled data) AND a victim action to load/deserialize it in Megatron Bridge - the CVSS UI:R confirms required user interaction, and AV:L confirms local vector, so this is not remotely triggerable without user involvement. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H yields 7.8 (High): local attack vector, low complexity, no privileges required, but user interaction is required, with high confidentiality, integrity, and availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker publishes or shares a malicious model checkpoint or config file (e.g., on a model hub or via a project repository) whose serialized payload embeds attacker code. A data scientist loads that artifact with Megatron Bridge on their Linux workstation or training node, and the deserialization executes the payload with the user's privileges, enabling code execution and data theft. … |
| Remediation | Upgrade NVIDIA Megatron Bridge to the fixed release identified in NVIDIA's advisory at https://github.com/NVIDIA/product-security/tree/main/2026/5841 - a patch is available per the vendor advisory, but the exact fixed version is not stated in the available data and must be read from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct inventory of all systems running NVIDIA Megatron Bridge and identify dependencies and user populations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Megatron Bridge
View allArbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), al
Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserializa
Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialize
Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-co
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, pr
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve
Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamicall
Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of a
Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-5
Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing a
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code i
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code inj
Same weakness CWE-502 – Deserialization of Untrusted Data
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41044
GHSA-wh7f-f43p-5q6v