Description
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Published: 2026-03-31
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A deserialization flaw in the NVIDIA BioNeMo Framework allows an attacker to supply crafted serialized data that the framework deserializes without validating its origin or contents. Per the CVE description, a successful exploit can lead to arbitrary code execution, denial of service, information disclosure, and data tampering. The weakness is classified as CWE-502 (Deserialization of Untrusted Data): when a serialization format can encode object types or callables, deserializing attacker-controlled input lets the attacker choose what code runs inside the loading process.

Affected Systems

The affected product is NVIDIA's BioNeMo Framework. The CVE record lists no affected or fixed version identifiers, so any deployment of the framework should be treated as potentially vulnerable until NVIDIA publishes version information or an update.

Risk and Exploitability

The flaw carries a CVSS 3.1 base score of 8.8 (High) with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no privileges required, but user interaction required. The likely path is therefore a user being induced to load attacker-supplied serialized input (for example a model artifact or data file obtained from an untrusted source) into the framework, which deserializes it without checks. EPSS data is not yet available, the issue is not listed in CISA's KEV catalog, and the SSVC assessment records Exploitation: none and Automatable: no, so there is no evidence of public exploitation at the time of writing; the SSVC Technical Impact of total is consistent with the code-execution outcome.

Generated by OpenCVE AI on March 31, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA patch for BioNeMo Framework as soon as one is available.
  • Until then, load model artifacts, checkpoints and other serialized inputs only from sources you control or have verified (for example by checking a published SHA-256 digest or signature before the file is opened), and disable or remove deserialization of externally supplied data where practical.
  • Do not rely on sanitizing serialized streams: for native object-serialization formats the payload is the format itself, so filtering the bytes cannot make a hostile stream safe. Prefer data-only formats, or restrict the loader to an allowlist of expected types so that unexpected classes or callables are refused before they are instantiated.
  • Monitor the processes that load such artifacts for unexpected child processes, outbound connections, or crashes, and alert on deserialization failures that name refused types; these are the observable traces of an exploitation attempt.

Generated by OpenCVE AI on March 31, 2026 at 17:50 UTC.
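The controls the recommended actions describe, shown as an added example that is not BioNeMo's or NVIDIA's code. The advisory does not name the serialization format, so this assumes a pickle-based loader, the usual case for Python ML checkpoints; the MaliciousCheckpoint class, the RestrictedUnpickler, the digest allowlist and the sample artifacts are all constructed here. It shows why a bare pickle.loads on attacker-controlled bytes is code execution (pickle's __reduce__ protocol lets the payload name any importable callable, here a harmless exec that only sets a flag), and two controls: a type allowlist enforced in find_class, which refuses the callable before it runs, and a SHA-256 allowlist checked before any parsing, which is what "accept only data from trusted sources" looks like in code.

```python
"""Added example, not BioNeMo code: a CWE-502 pickle loader and two controls.

Assumption (not stated in the advisory): the vulnerable path is a pickle-based
checkpoint loader. Everything below, including the payload, is constructed.
"""
import hashlib
import hmac
import io
import pickle
import sys

MARKER = "_attacker_marker"  # side effect the constructed payload leaves behind


def attacker_code_ran():
    """True once the payload's exec() has run in this interpreter."""
    return bool(getattr(sys, MARKER, False))


def reset_marker():
    sys.__dict__.pop(MARKER, None)


class MaliciousCheckpoint:
    """Looks like a checkpoint, but pickle will call its __reduce__ callable."""

    def __reduce__(self):
        # A real payload would name os.system or subprocess.Popen here.
        # This one only sets a flag on the sys module so the effect is visible.
        return (exec, (f"import sys; sys.{MARKER} = True",))


def build_malicious_blob():
    return pickle.dumps(MaliciousCheckpoint())


def build_benign_blob():
    # Plain containers and scalars: no global references in the pickle stream.
    return pickle.dumps({"layer.weight": [0.1, 0.2], "epoch": 3})


def vulnerable_load(blob):
    """The CWE-502 pattern: deserialize whatever bytes arrive."""
    return pickle.loads(blob)


# Control 1: a type allowlist. pickle asks find_class for every global the
# stream references; anything not listed here is refused before it is called.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def restricted_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


# Control 2: integrity before parsing. Only artifacts whose SHA-256 is on a
# trusted allowlist (published by the model source, or recorded at training
# time) are ever handed to the unpickler.
def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def load_trusted(blob, trusted_digests):
    digest = sha256_hex(blob)
    if not any(hmac.compare_digest(digest, d) for d in trusted_digests):
        raise PermissionError("artifact digest not in trusted allowlist")
    return restricted_load(blob)


def demo():
    """Exercise all four cases; every value is True if the vulnerability and
    both controls behave as described."""
    evil, good = build_malicious_blob(), build_benign_blob()
    results = {}

    reset_marker()
    vulnerable_load(evil)                       # unchecked: payload executes
    results["vulnerable_load_executes_payload"] = attacker_code_ran()

    reset_marker()
    try:
        restricted_load(evil)
        results["restricted_load_blocks_payload"] = False
    except pickle.UnpicklingError:              # refused in find_class, exec never ran
        results["restricted_load_blocks_payload"] = not attacker_code_ran()

    results["benign_artifact_loads"] = (
        load_trusted(good, {sha256_hex(good)}) == {"layer.weight": [0.1, 0.2], "epoch": 3}
    )
    try:
        load_trusted(evil, {sha256_hex(good)})  # digest mismatch: never parsed
        results["untrusted_artifact_rejected"] = False
    except PermissionError:
        results["untrusted_artifact_rejected"] = True
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The digest check runs before the unpickler touches the bytes, so an untrusted artifact is never parsed at all; the allowlist in find_class is the second layer for the case where an artifact is trusted but its producer was compromised. In PyTorch-based code (BioNeMo builds on PyTorch; this is general guidance, not something the advisory states) the equivalent framework-level controls are torch.load(..., weights_only=True) or a data-only format such as safetensors.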

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type                  Values Removed   Values Added
Title                                  Deserialization Flaw in NVIDIA BioNeMo Framework Allowing Potential Code Execution
First Time appeared                    Nvidia
                                       Nvidia bionemo Framework
Vendors & Products                     Nvidia
                                       Nvidia bionemo Framework

Tue, 31 Mar 2026 17:15:00 +0000

Type       Values Removed   Values Added
Metrics                     ssvc
                            {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 16:45:00 +0000

Type          Values Removed   Values Added
Description                    NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Weaknesses                     CWE-502
References
Metrics                        cvssV3_1
                               {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-31T17:06:08.146Z

Reserved: 2026-01-21T19:09:30.918Z

Link: CVE-2026-24164

Vulnrichment

Updated: 2026-03-31T17:05:31.013Z

NVD

Status: Received

Published: 2026-03-31T17:16:30.937

Modified: 2026-03-31T17:16:30.937

Link: CVE-2026-24164

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:37:54Z

Weaknesses