Main Vulnerability Database Vulnerabilities #VU131722

Deserialization of Untrusted Data in NVIDIA Nemo Framework - CVE-2026-24159

Published: May 18, 2026

Vulnerability identifier: #VU131722

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-24159

CWE-ID: CWE-502

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: nVidia

Affected software:
NVIDIA Nemo Framework

Detailed vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to deserialization of untrusted data in the NeMo Framework when processing crafted input. A local user can provide crafted input to execute arbitrary code.

The advisory states that successful exploitation may also lead to information disclosure, data tampering, and escalation of privileges.

How to mitigate CVE-2026-24159

Install security update from vendor's website.

Sources

https://nvidia.custhelp.com/app/answers/detail/a_id/5800
https://www.nvidia.com/security/

Deserialization of Untrusted Data in NVIDIA Nemo Framework - CVE-2026-24159

Detailed vulnerability description

How to mitigate CVE-2026-24159

Sources

Please verify you're human