Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (nvidia) · only source for this CVE.
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Articles & Coverage 1
AnalysisAI
Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours: Audit all systems running NVIDIA Megatron Bridge on Linux and immediately restrict users' ability to load untrusted model files or checkpoints. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Megatron Bridge
View allArbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), al
Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserializa
Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialize
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, pr
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve
Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamicall
Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of a
Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-5
Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization
Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing a
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code i
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code inj
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41047
GHSA-r68h-q8cp-98mx