CVE-2026-24157

NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvd.nist.gov/vuln/detail/CVE-2026-24157	Third Party Advisory US Government Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5800	Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2026-24157	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*

History

31 Mar 2026, 01:29

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nvidia:nemo::::::::
First Time		Nvidia nemo Nvidia
References	~~() https://nvd.nist.gov/vuln/detail/CVE-2026-24157 -~~	() https://nvd.nist.gov/vuln/detail/CVE-2026-24157 - Third Party Advisory, US Government Resource
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5800 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5800 - Vendor Advisory
References	~~() https://www.cve.org/CVERecord?id=CVE-2026-24157 -~~	() https://www.cve.org/CVERecord?id=CVE-2026-24157 - Third Party Advisory
Summary		(es) NVIDIA NeMo Framework contiene una vulnerabilidad en la carga de puntos de control donde un atacante podría causar ejecución remota de código. Un exploit exitoso de esta vulnerabilidad podría conducir a la ejecución de código, escalada de privilegios, revelación de información y manipulación de datos.

24 Mar 2026, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-24 21:16

Updated : 2026-03-31 01:29

NVD link : CVE-2026-24157

Mitre link : CVE-2026-24157

CVE.ORG link : CVE-2026-24157

JSON object : View

Products Affected

nvidia

nemo

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2026-24157", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-03-24T21:16:27.823", "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24157", "tags": ["Third Party Advisory", "US Government Resource"], "source": "psirt@nvidia.com"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5800", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24157", "tags": ["Third Party Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering."}, {"lang": "es", "value": "NVIDIA NeMo Framework contiene una vulnerabilidad en la carga de puntos de control donde un atacante podr\u00eda causar ejecuci\u00f3n remota de c\u00f3digo. Un exploit exitoso de esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo, escalada de privilegios, revelaci\u00f3n de informaci\u00f3n y manipulaci\u00f3n de datos."}], "lastModified": "2026-03-31T01:29:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A84F776-6444-4FF9-AE88-EC0B4045B9A9", "versionEndExcluding": "2.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@nvidia.com"}