CVE-2026-24165
Deserialization Vulnerability in NVIDIA BioNeMo Enables Code Execution
Publication date: 2026-03-31
Last updated on: 2026-04-03
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | bionemo_framework | to 2026-01-21 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in NVIDIA BioNeMo allows for deserialization of untrusted data, which can lead to code execution, denial of service, information disclosure, and data tampering.
Such impacts on confidentiality, integrity, and availability could potentially affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
However, there is no explicit information provided about the direct effects of this vulnerability on compliance with these or other common standards and regulations.
Can you explain this vulnerability to me?
CVE-2026-24165 is a vulnerability in NVIDIA BioNeMo involving the deserialization of untrusted data. This means that an attacker can supply malicious serialized input to the system.
Exploiting this flaw could lead to remote code execution, denial of service, information disclosure, and data tampering.
The vulnerability has a high severity score of 7.8 according to CVSS v3.1, indicating it poses a significant security risk.
How can this vulnerability impact me? :
If exploited, this vulnerability can have severe impacts including:
- Execution of arbitrary code, potentially allowing an attacker to take control of the affected system.
- Denial of service, which can disrupt normal operations and availability of the system.
- Information disclosure, leading to unauthorized access to sensitive data.
- Data tampering, which can compromise the integrity of the system and its data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves deserialization of untrusted data in NVIDIA BioNeMo, which requires local access and user interaction to exploit. Detection would typically involve monitoring for suspicious deserialization activities or unexpected execution behaviors on systems running NVIDIA BioNeMo.
However, no specific detection commands or network signatures are provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The resources do not provide explicit mitigation steps or patches for this vulnerability.
General best practices would include limiting local access to trusted users, avoiding interaction with untrusted data inputs in NVIDIA BioNeMo, and monitoring for updates or patches from NVIDIA to address this issue.