CVE-2026-24155
Analyzed Analyzed - Analysis Complete

Code Injection Vulnerability in NVIDIA NeMo Framework

Vulnerability report for CVE-2026-24155, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: NVIDIA Corporation

Description

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia nemo to 2.7.3 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-24155 is a code injection vulnerability in the NVIDIA NeMo Framework that affects all platforms. This vulnerability allows an attacker to inject malicious code into the system.

A successful exploit could lead to unauthorized code execution, escalation of privileges, disclosure of sensitive information, and tampering with data.

The vulnerability is classified under CWE-94, which relates to improper control of code generation.

Impact Analysis

Exploitation of this vulnerability can have serious impacts including:

  • Execution of arbitrary code by an attacker.
  • Escalation of privileges, allowing attackers to gain higher access rights.
  • Disclosure of sensitive or confidential information.
  • Tampering with data, potentially compromising data integrity.
Compliance Impact

The provided information does not specify how the CVE-2026-24155 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24155. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart