
NVIDIA GEN3C CVE-2026-53805

CRITICAL
Deserialization of Untrusted Data (CWE-502)
2026-06-17 VulnCheck
9.3
CVSS 4.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck), PRIMARY: 9.3 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI: 9.8 CRITICAL

Network-reachable HTTP endpoint, no auth or user interaction, single crafted request triggers pickle deserialization yielding full code execution and complete confidentiality, integrity, and availability impact on the host process.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X

Primary rating from Vendor (VulnCheck).

CVSS Vector (Vendor: VulnCheck)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Source Code Evidence Fetched: Jun 17, 2026 - 18:01 (vuln.today)
Analysis Generated: Jun 17, 2026 - 18:01 (vuln.today)

Description (CVE.org)

NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a __reduce__ gadget to the inference API port to achieve remote code execution as the inference process.

Analysis (AI)

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. …
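
For triage of request bodies captured at a proxy in front of these endpoints, the opcode stream of a pickle can be walked without executing it. The following is an added example, not code from GEN3C or from vuln.today; the sample bodies are constructed and benign, and the import names for STACK_GLOBAL are recovered by a heuristic.

```python
import datetime
import pickle
import pickletools

# Opcodes that make the unpickler import a name or call a callable.
CODE_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
            "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

# Constructed, benign sample bodies (stand-ins for bodies captured at a proxy).
SAMPLES = {
    "json": b'{"prompt": "a street at dusk"}',
    "plain_dict": pickle.dumps({"prompt": "a street at dusk", "seed": 7}),
    "date_object": pickle.dumps(datetime.date(2026, 6, 17)),
}


def inspect_body(body):
    """Walk the opcode stream without executing it.

    Returns (verdict, code_opcodes_seen, imported_names).
    """
    ops, imports, strings = set(), [], []
    try:
        for opcode, arg, _pos in pickletools.genops(body):
            if opcode.name in STRING_OPS:
                strings.append(arg)
            elif opcode.name in ("GLOBAL", "INST"):
                imports.append(arg.replace(" ", "."))  # arg is "module name"
            elif opcode.name == "STACK_GLOBAL":
                # Heuristic: module and name are usually the two latest strings.
                imports.append(".".join(strings[-2:]))
            if opcode.name in CODE_OPS:
                ops.add(opcode.name)
    except Exception:
        # Truncated or non-pickle input; keep whatever was seen before the error.
        if not ops:
            return "not-pickle", ops, imports
    return ("code-bearing" if ops else "data-only"), ops, imports


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

Because the unpatched client itself sends pickles, the list of imported names is the part to review; the verdict is a triage signal, not a filter to place in front of pickle.loads().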


Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Discover exposed GEN3C inference port
Delivery: Craft pickle payload with __reduce__ gadget
Exploit: POST raw body to /request-inference
Execution: Server pickle.loads triggers gadget
Persist: Execute commands as inference process
Impact: Pivot on GPU host

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the GEN3C inference API server's HTTP port and that the server is running an unpatched build that still routes /request-inference and /seed-model bodies through pickle.loads(); no credentials, user interaction, or non-default configuration are needed, since these endpoints are unauthenticated by design in the vulnerable code. …

Risk Assessment: The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) and base score 9.3 are well supported by the description: a single HTTP POST to a network-reachable port yields full code execution with no authentication or user interaction. …

Exploit Scenario: An attacker who can reach the GEN3C inference API port - for example on a misconfigured workstation, shared lab GPU host, or cloud VM with an open port - crafts a Python pickle blob whose __reduce__ method invokes os.system or subprocess.Popen with an attacker-chosen command, then POSTs the raw bytes to /request-inference or /seed-model. pickle.loads() on the server immediately executes the gadget as the inference process user, yielding interactive shell access on the GPU host without any credentials or user interaction. …

Remediation: Upstream fix available (commit db2ffe12ced12ddafcec5e0422ee46ce8520746b in nv-tlabs/GEN3C via PRs #62 and #63); released patched version not independently confirmed, so users should pull the current main branch or cherry-pick that commit, which removes pickle.dumps/loads from gui/api/client.py and introduces gui/api/safe_serialization.py using safetensors plus an allow-listed JSON header. …
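
The shape of that fix, a data-only wire format with an allow-listed header, can be illustrated as follows. This is an added example, not the contents of gui/api/safe_serialization.py: it uses only the standard library with safetensors-style framing (8-byte length, JSON header, raw bytes), and the field names, dtype set and size limits are assumptions.

```python
import json
import struct

# Assumed schema for this sketch: the only fields a request may carry.
ALLOWED_FIELDS = {"prompt": str, "seed": int, "num_frames": int}
DTYPE_SIZES = {"F32": 4, "F16": 2, "U8": 1}  # safetensors-style dtype names
MAX_HEADER, MAX_BODY = 64 * 1024, 256 * 1024 * 1024


def encode_request(fields, tensor_bytes, dtype, shape):
    """Client side: 8-byte LE header length, JSON header, raw tensor bytes."""
    header = json.dumps({"fields": fields, "dtype": dtype, "shape": shape}).encode()
    return struct.pack("<Q", len(header)) + header + tensor_bytes


def decode_request(body):
    """Server side: parse data only and reject anything outside the allow-list."""
    if len(body) < 8 or len(body) > MAX_BODY:
        raise ValueError("bad body size")
    (hlen,) = struct.unpack_from("<Q", body)
    if hlen > MAX_HEADER or 8 + hlen > len(body):
        raise ValueError("bad header length")
    try:
        header = json.loads(body[8:8 + hlen])
    except (ValueError, RecursionError) as exc:  # bad JSON, bad UTF-8, deep nesting
        raise ValueError("header is not acceptable JSON") from exc
    if not isinstance(header, dict) or set(header) != {"fields", "dtype", "shape"}:
        raise ValueError("unexpected header keys")
    fields, dtype, shape = header["fields"], header["dtype"], header["shape"]
    if not isinstance(fields, dict):
        raise ValueError("fields must be an object")
    for name, value in fields.items():
        # Exact type match: unknown names map to None, and bool is not accepted as int.
        if type(value) is not ALLOWED_FIELDS.get(name):
            raise ValueError(f"field not allowed: {name!r}")
    if dtype not in DTYPE_SIZES:
        raise ValueError("dtype not allowed")
    if (not isinstance(shape, list) or len(shape) > 8
            or not all(type(d) is int and 0 < d <= 65536 for d in shape)):
        raise ValueError("bad shape")
    count = 1
    for dim in shape:
        count *= dim
    payload = body[8 + hlen:]
    if count * DTYPE_SIZES[dtype] != len(payload):
        raise ValueError("tensor size does not match shape and dtype")
    return fields, dtype, tuple(shape), payload
```

Nothing in the decoder imports a name or calls a callable chosen by the sender, so a pickle body sent to it fails at the header-length check instead of reaching an unpickler.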

Recommended Action (AI)

Within 24 hours: Identify all GEN3C inference API instances in your environment and immediately restrict network access to the /request-inference and /seed-model endpoints from untrusted sources. …


CVE-2026-53805 vulnerability details – vuln.today
