NVIDIA Megatron-LM load_base_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability

NVIDIA's Megatron-LM contains a remote code execution vulnerability (CVE-2026-24149) with a CVSS score of 7.8 that allows attackers to execute arbitrary code on affected systems when users interact with malicious web pages or files. An attacker exploiting this flaw gains the ability to run arbitrary commands with the privileges of the affected application, potentially compromising systems running this machine learning framework. Security teams should prioritize patching Megatron-LM installations immediately and educate users to avoid opening untrusted files or visiting suspicious links, particularly those related to this framework.