CVE-2026-24164
Deserialization Vulnerability in NVIDIA BioNeMo Enables Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | bionemo_framework | to 2026-01-21 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in NVIDIA BioNeMo involves deserialization of untrusted data, which can lead to code execution, denial of service, information disclosure, and data tampering.
Such impacts on confidentiality, integrity, and availability (all rated high) could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
However, the provided information does not explicitly discuss or analyze the direct effects of this vulnerability on compliance with these or other common standards and regulations.
Can you explain this vulnerability to me?
CVE-2026-24164 is a vulnerability in the NVIDIA BioNeMo Framework involving the deserialization of untrusted data.
This flaw allows an attacker to exploit the system by providing malicious serialized input, which can lead to remote code execution, denial of service, information disclosure, and data tampering.
The vulnerability is classified under CWE-502 (Deserialization of Untrusted Data) and has a high severity score of 8.8 according to CVSS v3.1.
How can this vulnerability impact me? :
A successful exploit of this vulnerability might allow an attacker to:
- Execute arbitrary code remotely on the affected system.
- Cause denial of service, making the system unavailable.
- Disclose sensitive information to unauthorized parties.
- Tamper with data, compromising its integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-24164 vulnerability in NVIDIA BioNeMo, users should update their BioNeMo Framework to include commit e5e58c8 or later from the NVIDIA/BioNeMo Framework GitHub repository.
All Linux versions of the BioNeMo Framework that do not include this commit are affected, so it is critical to clone or update the software to incorporate this fix.
Users are also advised to monitor NVIDIAβs Product Security page for the latest security information and updates.