EUVD-2026-15009
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Analysis
NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading mechanism that allows remote code execution when a user loads a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running NVIDIA Megatron-LM and document their network connectivity and data sensitivity. Within 7 days: Implement strict access controls limiting who can place or modify checkpoint files, establish file integrity monitoring on checkpoint directories, and restrict execution of untrusted checkpoints to isolated environments. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today