CVE-2026-24165
Received Received - Intake

Deserialization Vulnerability in NVIDIA BioNeMo Enables Code Execution

Vulnerability report for CVE-2026-24165, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-31

Last updated on: 2026-04-03

Assigner: NVIDIA Corporation

Description

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-31
Last Modified
2026-04-03
Generated
2026-07-06
AI Q&A
2026-03-31
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia bionemo_framework to 2026-01-21 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in NVIDIA BioNeMo allows for deserialization of untrusted data, which can lead to code execution, denial of service, information disclosure, and data tampering.

Such impacts on confidentiality, integrity, and availability could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, there is no explicit information provided about the direct effects of this vulnerability on compliance with these or other common standards and regulations.

Executive Summary

CVE-2026-24165 is a vulnerability in NVIDIA BioNeMo involving the deserialization of untrusted data. This means that an attacker can supply malicious serialized input to the system.

Exploiting this flaw could lead to remote code execution, denial of service, information disclosure, and data tampering.

The vulnerability has a high severity score of 7.8 according to CVSS v3.1, indicating it poses a significant security risk.

Impact Analysis

If exploited, this vulnerability can have severe impacts including:

  • Execution of arbitrary code, potentially allowing an attacker to take control of the affected system.
  • Denial of service, which can disrupt normal operations and availability of the system.
  • Information disclosure, leading to unauthorized access to sensitive data.
  • Data tampering, which can compromise the integrity of the system and its data.
Detection Guidance

The vulnerability involves deserialization of untrusted data in NVIDIA BioNeMo, which requires local access and user interaction to exploit. Detection would typically involve monitoring for suspicious deserialization activities or unexpected execution behaviors on systems running NVIDIA BioNeMo.

However, no specific detection commands or network signatures are provided in the available resources.

Mitigation Strategies

The resources do not provide explicit mitigation steps or patches for this vulnerability.

General best practices would include limiting local access to trusted users, avoiding interaction with untrusted data inputs in NVIDIA BioNeMo, and monitoring for updates or patches from NVIDIA to address this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24165. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart