Description
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
Published: 2026-03-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A flaw in NVIDIA NeMo Framework allows an attacker to trigger remote code execution by delivering malicious input. The vulnerability is categorized as CWE-502 (Deserialization of Untrusted Data) and can lead to code execution, privilege escalation, information disclosure, and data tampering. Successful exploitation would compromise the integrity and availability of the affected system, potentially allowing full system compromise.

Affected Systems

The vulnerability affects NVIDIA NeMo Framework. No specific version range is provided in the CNA data, so all releases of the framework are potentially at risk until an official patch or upgrade is applied.

Risk and Exploitability

The flaw carries a CVSS score of 7.8, indicating high impact. EPSS shows a probability of less than 1 % for exploitation in the wild, and the issue is not listed in CISA’s KEV catalog. The likely attack vector is remote, where an attacker sends crafted input to the framework over a network or through a local interface. No additional exploitation prerequisites are described in the entry.

Generated by OpenCVE AI on March 31, 2026 at 05:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check NVIDIA’s support site for available patches or an upgraded NeMo Framework release.
  • If a patch is available, apply it immediately and restart the framework services.
  • If no patch is available, restrict external access to NeMo services, monitor logs for anomalous activity, and isolate the affected system from critical infrastructure.

Generated by OpenCVE AI on March 31, 2026 at 05:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-v7v2-m736-cf3c NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution
History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Remote Code Execution in NVIDIA NeMo Framework Enables Privilege Escalation and Data Manipulation

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia nemo
CPEs cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*
Vendors & Products Nvidia nemo

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Remote Code Execution in NVIDIA NeMo Framework Enables Privilege Escalation and Data Manipulation

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia nemo Framework
Vendors & Products Nvidia
Nvidia nemo Framework

Tue, 24 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Nemo Nemo Framework
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-25T03:56:17.917Z

Reserved: 2026-01-21T19:09:29.851Z

Link: CVE-2026-24159

cve-icon Vulnrichment

Updated: 2026-03-24T20:53:24.662Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T21:16:28.153

Modified: 2026-03-31T01:27:44.567

Link: CVE-2026-24159

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:19Z

Weaknesses