CVE-2026-24217

8.8 HIGH

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file

Published: 2026-05-20 · Last updated: 2026-05-21

Severity and scoring

CVSS: 8.8 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-29

Affected products

Vendor	Product
nvidia	bionemo_framework

Description

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-24217
[Other]https://nvd.nist.gov/vuln/detail/CVE-2026-24217
[Vendor advisory]https://nvidia.custhelp.com/app/answers/detail/a_id/5831
[Other]https://www.cve.org/CVERecord?id=CVE-2026-24217

Related CVEs

Same vendor

CVE-2026-24237 — NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
CVE-2026-24221 — NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
CVE-2026-24199 — NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering comp... (4.7 MEDIUM)
CVE-2026-24197 — NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default ... (6.5 MEDIUM)
CVE-2026-24196 — NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read (7.1 HIGH)

Same CWE

CVE-2026-10732 — All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) when extracting a ZIP arc... (6.4 MEDIUM)