EUVD-2026-15011
GHSA-m4jw-wgmf-889x
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
Analysis
NVIDIA NeMo Framework contains a remote code execution vulnerability in its checkpoint loading mechanism caused by insecure deserialization (CWE-502). Attackers with local access and low privileges can exploit this to achieve code execution, privilege escalation, information disclosure, and data tampering with high impact on confidentiality, integrity, and availability. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all systems running NVIDIA NeMo Framework and isolate affected instances from production networks if possible; notify the security and ML engineering teams. Within 7 days: Implement network segmentation to restrict access to NeMo instances to authorized users only, disable checkpoint loading from untrusted sources, and implement file integrity monitoring on checkpoint directories. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today