Description
NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Published: 2026-03-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential Remote Code Execution via unsafe deserialization
Action: Immediate Patch
AI Analysis

Impact

An attacker can provide a specially crafted ONNX file to the Model Optimizer's quantization routine, causing unsafe deserialization. This flaw may lead to arbitrary code execution, privilege escalation, data tampering, and information disclosure as described in the vendor’s advisory.

Affected Systems

The vulnerability affects NVIDIA’s Model Optimizer product running on both Windows and Linux platforms. No specific software versions are listed, so all installed instances may be at risk if they expose the ONNX quantization feature to untrusted input.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.8, indicating high severity. EPSS information is not available, and the flaw is not currently noted in the CISA KEV catalog. The likely attack vector involves an attacker supplying a malicious ONNX file to a user or process that invokes the quantization function, which may be a local or remote threat depending on user permissions and network exposure.

Generated by OpenCVE AI on March 24, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest NVIDIA Model Optimizer update that addresses the unsafe deserialization flaw
  • Validate and sandbox all ONNX files before they are processed by the quantization feature
  • Restrict user access to the quantization functionality to trusted administrators only
  • Monitor error logs for deserialization failures and investigate unexpected behavior promptly

Generated by OpenCVE AI on March 24, 2026 at 21:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Unsafe Deserialization in NVIDIA Model Optimizer ONNX Quantization

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia nvidia Model Optimizer
Vendors & Products Nvidia
Nvidia nvidia Model Optimizer

Tue, 24 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Nvidia Model Optimizer
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-25T14:27:06.831Z

Reserved: 2026-01-21T19:09:27.437Z

Link: CVE-2026-24141

cve-icon Vulnrichment

Updated: 2026-03-25T14:24:28.562Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-24T21:16:27.203

Modified: 2026-03-25T15:41:58.280

Link: CVE-2026-24141

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T20:57:21Z

Weaknesses