NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a __reduce__ gadget to the inference API port to achieve remote code execution as the inference process.
References
Configurations
No configuration.
History
17 Jun 2026, 19:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-17 18:18
Updated : 2026-07-14 22:17
NVD link : CVE-2026-53805
Mitre link : CVE-2026-53805
CVE.ORG link : CVE-2026-53805
JSON object : View
Products Affected
No product.
CWE
CWE-502
Deserialization of Untrusted Data
