QSearchQSearch

CVE-2026-24155

7.8 HIGH

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability

Published: 2026-06-16 · Last updated: 2026-06-16

Severity and scoring

CVSS
7.8 HIGH
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-94

Affected products

VendorProduct
nvidianemo

Description

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-24228 NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data (7.8 HIGH)
  • CVE-2026-24237 NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
  • CVE-2026-24221 NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
  • CVE-2026-24199 NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering comp... (4.7 MEDIUM)
  • CVE-2026-24197 NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default ... (6.5 MEDIUM)

Same CWE

  • CVE-2026-49774 Improper Control of Generation of Code ('Code Injection') vulnerability in Filipe Nasc RD Station allows Remote Code Inclusion (9.9 CRITICAL)
  • CVE-2026-48017 DbGate is cross-platform database manager (8.8 HIGH)
  • CVE-2026-48836 Unauthenticated Remote Code Execution (RCE) in Easy Invoice <= 2.1.19 versions (10.0 CRITICAL)
  • CVE-2026-48124 Cursor is a code editor built for programming with AI
  • CVE-2026-39465 Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions (9.1 CRITICAL)