EUVD-2026-33984
GHSA-hj75-h2wq-2xm2
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
AnalysisAI
Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Attacker must have local access to the system (AV:L) and low-privileged authenticated access (PR:L) sufficient to place or substitute an NVTabular-loadable artifact - typically a workflow, preprocessing pipeline, or saved-state file - at a path that NVTabular subsequently deserializes; no user interaction is required (UI:N) once the victim process loads the file. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:L/AC:L/PR:L/UI:N, C/I/A all High) places this firmly as a local-privileged-code-execution issue rather than a remote attack: an attacker must already have a foothold on the host and the ability to influence what file NVTabular loads. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | On a shared GPU workstation or ML platform, a low-privileged data scientist drops a malicious NVTabular workflow file into a directory consumed by a scheduled training job running under a more privileged service account. When the job calls the vulnerable deserialization path, the embedded pickle gadget executes, giving the attacker code execution as the training user with access to model weights, dataset secrets, and any mounted credentials. … |
| Remediation | Upgrade NVTabular to the fixed release identified in NVIDIA security bulletin a_id/5851 (https://nvidia.custhelp.com/app/answers/detail/a_id/5851) - the exact fix version is not reproduced in the provided data, so consult that advisory for the precise build, and rebuild any Merlin or custom container images that pin a vulnerable NVTabular wheel. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all deployed NVTabular instances and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses Base
Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network att
Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to ex
Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe d
Share
External POC / Exploit Code
Leaving vuln.today