CVE-2026-24155
Undergoing Analysis Undergoing Analysis - In Progress
Code Injection Vulnerability in NVIDIA NeMo Framework

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: NVIDIA Corporation

Description
NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-06-16
EPSS Evaluated
N/A
NVD
CVE-2026-24155
EUVD
EUVD-2026-37129
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia nemo_framework *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24155 is a code injection vulnerability in the NVIDIA NeMo Framework that affects all platforms. This vulnerability allows an attacker to inject malicious code into the system.

A successful exploit could lead to unauthorized code execution, escalation of privileges, disclosure of sensitive information, and tampering with data.

The vulnerability is classified under CWE-94, which relates to improper control of code generation.

Impact Analysis

Exploitation of this vulnerability can have serious impacts including:

  • Execution of arbitrary code by an attacker.
  • Escalation of privileges, allowing attackers to gain higher access rights.
  • Disclosure of sensitive or confidential information.
  • Tampering with data, potentially compromising data integrity.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24155. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart