26
CVEs
1
Critical
20
High
0
KEV
0
PoC
19
Unpatched C/H
7.7%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
20
MEDIUM
5
LOW
0
Monthly CVE Trend
Affected Products (27)
Windows
38
Triton Inference Server
24
Cuda Toolkit
21
Deserialization
16
Dgx Os
14
Nemo
13
Python
13
Memory Corruption
11
Integer Overflow
6
Megatron Lm
6
Linux Kernel
6
Stack Overflow
6
Null Pointer Dereference
4
Nvidia Container Toolkit
4
Command Injection
4
Nvidia Gpu Operator
4
Nvdebug
3
Heap Overflow
3
Use After Free
3
Race Condition
3
Nvjpeg
2
Nemo Curator
1
Apex
1
Pytorch
1
AI / ML
1
Nosql Injection
1
OpenSSL
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-33244 | NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch versions earlier than 2.6. An attacker with low privileges on an adjacent network can exploit this flaw to achieve code execution, denial of service, privilege escalation, data tampering, and information disclosure with scope change (CVSS 9.0 Critical). No KEV listing or public POC availability has been reported at this time. | CRITICAL | 9.0 | 0.0% | 45 |
No patch
|
| CVE-2026-24164 | Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) affects the BioNeMo Framework with network-reachable attack surface (AV:N) and low complexity (AC:L), requiring only user interaction (UI:R) but no authentication (PR:N). The CVSS 8.8 rating reflects critical impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well-understood and commonly exploited. EPSS data not available for this CVE. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-24148 | NVIDIA Jetson system initialization flaw allows authenticated remote attackers to exploit insecure default machine IDs, enabling cross-device information disclosure of encrypted data and tampering. Affects JetPack on Xavier and Orin series devices. CVSS 8.3 (High) with network attack vector and low complexity. EPSS data not available; no confirmed active exploitation (CISA KEV status not present). The vulnerability enables attackers with low-level privileges to compromise multiple devices sharing identical default machine identifiers, undermining cryptographic protections and system integrity across the device fleet. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2025-33247 | NVIDIA Megatron LM contains an insecure deserialization vulnerability (CWE-502) in its quantization configuration loading mechanism that enables remote code execution. Attackers with local access and low privileges can exploit this flaw to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability has a CVSS score of 7.8 and affects all versions of NVIDIA Megatron LM based on available CPE data. | HIGH | 7.8 | 0.3% | 39 |
No patch
|
| CVE-2026-24157 | NVIDIA NeMo Framework contains a remote code execution vulnerability in its checkpoint loading mechanism caused by insecure deserialization (CWE-502). Attackers with local access and low privileges can exploit this to achieve code execution, privilege escalation, information disclosure, and data tampering with high impact on confidentiality, integrity, and availability. According to SSVC framework, there is currently no observed exploitation in the wild, though the technical impact is rated as total. | HIGH | 7.8 | 0.1% | 39 |
|
| CVE-2026-24159 | NVIDIA NeMo Framework contains an insecure deserialization vulnerability (CWE-502) that allows authenticated local attackers to execute arbitrary code. The vulnerability affects NVIDIA NeMo Framework installations and can lead to code execution, privilege escalation, information disclosure, and data tampering. According to CISA's SSVC framework, there is currently no evidence of active exploitation in the wild, and the attack is not automatable, though technical impact is rated as total. | HIGH | 7.8 | 0.1% | 39 |
|
| CVE-2025-33248 | NVIDIA Megatron-LM contains a critical unsafe deserialization vulnerability (CWE-502) in its hybrid conversion script that allows remote code execution when a user loads a maliciously crafted file. The vulnerability affects NVIDIA Megatron-LM installations and enables attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. With a CVSS score of 7.8 and local attack vector requiring low privileges and no user interaction, this represents a significant risk for organizations using this large language model training framework. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24150 | NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading functionality that allows remote code execution when a user is tricked into loading a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. There is no current indication of active exploitation in CISA's KEV catalog, and EPSS data was not provided in the intelligence sources. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24151 | NVIDIA Megatron-LM contains an insecure deserialization vulnerability (CWE-502) during model inferencing that allows remote code execution when a user loads a maliciously crafted input file. This vulnerability has a CVSS score of 7.8 and requires local access with low privileges but no user interaction, enabling attackers to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The vulnerability affects NVIDIA's large language model training framework widely used in AI research and production environments. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24152 | NVIDIA Megatron-LM contains an unsafe deserialization vulnerability (CWE-502) in its checkpoint loading mechanism that allows remote code execution when a user loads a maliciously crafted checkpoint file. The vulnerability affects NVIDIA Megatron-LM installations and can lead to code execution, privilege escalation, information disclosure, and data tampering with a CVSS score of 7.8. The attack requires local access and low privileges but no user interaction once the malicious file is loaded. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24141 | NVIDIA Model Optimizer for Windows and Linux contains an unsafe deserialization vulnerability in its ONNX quantization feature that allows attackers to execute arbitrary code by providing a malicious input file. Users who process untrusted ONNX model files are at risk of complete system compromise, including code execution, privilege escalation, data tampering, and information disclosure. There is no current evidence of active exploitation (not in CISA KEV) or public proof-of-concept availability. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24165 | Deserialization of untrusted data in NVIDIA BioNeMo Framework enables local attackers to execute arbitrary code, cause denial of service, disclose sensitive information, or tamper with data when users open malicious files. CVSS 7.8 (High) reflects local attack vector requiring user interaction. EPSS data not available; no public exploit identified at time of analysis. Affects NVIDIA BioNeMo Framework, a platform for AI-driven drug discovery and biomolecular research. | HIGH | 7.8 | 0.1% | 39 |
No patch
|
| CVE-2026-24154 | Command injection in NVIDIA Jetson Linux initrd allows physical attackers to execute arbitrary code with elevated privileges across Jetson Xavier, Orin, and Thor series devices. An attacker with physical access can inject malicious command-line arguments during boot without authentication (CVSS:3.1/AV:P/AC:L/PR:N), leading to complete system compromise including root-level code execution, denial of service, and data exfiltration. EPSS data not available; no public exploit identified at time of analysis, though the low attack complexity (AC:L) and physical-only requirement (AV:P) suggest exploitation is straightforward for adversaries with device access. | HIGH | 7.6 | 0.0% | 38 |
No patch
|
| CVE-2026-24158 | NVIDIA Triton Inference Server contains a denial of service vulnerability in its HTTP endpoint that can be exploited by sending large compressed payloads. The vulnerability has a CVSS score of 7.5 (High) and is exploitable remotely without authentication or user interaction. There is no evidence of active exploitation (not in CISA KEV), and no public proof-of-concept has been identified at this time. | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2026-24146 | NVIDIA Triton Inference Server crashes when processing inference requests with insufficient input validation combined with large output counts, enabling remote denial of service without authentication (CVSS 7.5, EPSS data not available). The vulnerability affects all versions prior to r26.02, with no public exploit identified at time of analysis. Unauthenticated remote attackers can exploit this flaw with low complexity (AV:N/AC:L/PR:N) to completely disrupt machine learning inference services. | HIGH | 7.5 | 0.0% | 38 |
No patch
|