Description
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Published: 2026-03-31
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability in NVIDIA BioNeMo Framework is a deserialization flaw that allows untrusted data to be processed. This weakness, identified as CWE-502, could result in code execution, denial of service, information disclosure, and data tampering if an attacker supplies crafted input. The CVSS score of 7.8 indicates a high potential impact on confidentiality, integrity, and availability.

Affected Systems

Affected systems include any deployment of the NVIDIA BioNeMo Framework. No specific version identifiers are provided, so administrators should verify that they are running the latest available release and consult NVIDIA for any advisories. The lack of version detail means all installations of this product are potentially at risk until a patch is applied.

Risk and Exploitability

The exploit requires an attacker to provide serialized data to the framework. Explicit attack vectors are not detailed, but any input pathway that accepts serialized formats could plausibly be abused. The recorded CVSS vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) describes a local attack vector that needs no privileges but does require user interaction. Because the flaw can lead to code execution and the CVSS rating is high, the threat level is significant; however, exploit probability data is not provided (EPSS: n/a), and the vulnerability is not listed in KEV. Prompt remediation is advised.

Generated by OpenCVE AI on March 31, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update NVIDIA BioNeMo Framework to the latest release that addresses the deserialization flaw.
  • If an immediate update is not possible, limit the framework’s exposure by restricting data input to trusted sources only.
  • Disable any unused or unnecessary deserialization features that accept external data.
  • Monitor logs for signs of abnormal deserialization activity and investigate promptly.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Nvidia; Nvidia bionemo Framework
Vendors & Products | | Nvidia; Nvidia bionemo Framework

Tue, 31 Mar 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 31 Mar 2026 16:45:00 +0000

Type | Values Removed | Values Added
Description | | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Weaknesses | | CWE-502
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-31T16:58:48.861Z

Reserved: 2026-01-21T19:09:30.918Z

Link: CVE-2026-24165

Vulnrichment

Updated: 2026-03-31T16:58:45.439Z

NVD

Status: Received

Published: 2026-03-31T17:16:31.727

Modified: 2026-03-31T17:16:31.727

Link: CVE-2026-24165

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:37:53Z

Weaknesses