Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local vector since the attacker must supply serialized data to a local process (AV:L); a low-privileged user triggers it without interaction (PR:L, AC:L, UI:N); deserialization RCE yields full C/I/A impact.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Articles & Coverage 1
AnalysisAI
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to (1) have local access with at least low privileges (PR:L) on the host running Megatron Bridge, and (2) be able to supply or influence a serialized input - a model checkpoint, saved state, or config - that Megatron Bridge subsequently deserializes/loads. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H scores 7.8 (High) and is internally consistent with a deserialization flaw: local attack vector (AV:L) reflects that the attacker must supply data to a process on the host, low complexity (AC:L) and low privileges (PR:L) mean an authenticated local user with minimal rights can trigger it without user interaction, and the High confidentiality, integrity and availability impacts reflect full code execution in the victim process. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privileged local account on a shared GPU training host (or who can influence a model checkpoint pulled into a pipeline) plants a maliciously crafted serialized checkpoint or config. When a victim user or automated job runs Megatron Bridge to load or convert that artifact, the embedded payload executes during deserialization, running arbitrary code as the victim and enabling privilege escalation, data theft, or tampering. … |
| Remediation | Upgrade NVIDIA Megatron Bridge to the fixed version listed in NVIDIA's advisory at https://github.com/NVIDIA/product-security/tree/main/2026/5841 - no exact fix version is provided in the input data, so the vendor advisory must be consulted (no vendor-released patch version independently confirmed at time of analysis). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all systems running NVIDIA Megatron Bridge for Linux; identify which systems run multi-tenant workloads or process sensitive models. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Megatron Bridge
View allArbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), al
Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserializa
Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialize
Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-co
Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, pr
Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamicall
Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of a
Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-5
Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization
Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing a
NVIDIA Megatron Bridge contains a vulnerability in a data shuffling tutorial, where malicious input could cause a code i
NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code inj
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41017
GHSA-h8c2-j9cr-f3p6