Description
NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Published: 2026-03-31
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Now
AI Analysis

Impact

The NVIDIA BioNeMo Framework suffers from deserialization of untrusted data, which can allow an attacker to execute arbitrary code, cause a denial of service, disclose information, and tamper with data.

Affected Systems

Vulnerable systems include NVIDIA BioNeMo Framework, with no specific version list available in the advisory.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the near term. The issue is not yet listed in the CISA KEV catalog. The most likely attack vector involves delivering malicious serialized input to the framework; details on whether this requires local or remote access are not provided, so an inference is that any component that handles external serialized data could be a target.

Generated by OpenCVE AI on April 3, 2026 at 21:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA BioNeMo Framework patch as soon as it is available.
  • Until a patch is installed, avoid deserializing data from untrusted or unauthenticated sources.
  • Monitor logs and system behavior for signs of abnormal activity or exploitation attempts.
  • If necessary, contact NVIDIA support for guidance or escalation.

Generated by OpenCVE AI on April 3, 2026 at 21:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Deserialization Vulnerability in NVIDIA BioNeMo Framework Allows Remote Code Execution

Fri, 03 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:bionemo_framework:*:*:*:*:*:*:*:*

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia bionemo Framework
Vendors & Products Nvidia
Nvidia bionemo Framework

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Bionemo Framework
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-31T16:58:48.861Z

Reserved: 2026-01-21T19:09:30.918Z

Link: CVE-2026-24165

cve-icon Vulnrichment

Updated: 2026-03-31T16:58:45.439Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T17:16:31.727

Modified: 2026-04-03T18:57:58.437

Link: CVE-2026-24165

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:07:53Z

Weaknesses