Description
NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Published: 2026-05-20
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability results from deserialization of data that is not trusted by NVIDIA BioNeMo. If an attacker supplies specially crafted input, the deserialization routine may execute arbitrary code, leading to code execution, denial of service, information disclosure, or data tampering. The worst‑case outcome is that an attacker gains full control over the affected system.

Affected Systems

The vulnerability affects the NVIDIA BioNeMo Framework for Linux. No specific permissive versions are enumerated in the public data; it applies to the current distributed release of the framework.

Risk and Exploitability

The CVSS score of 7.8 signals high severity, indicating that exploitation could have critical impacts. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector relies on the supply of untrusted data to BioNeMo’s deserialization routines, potentially requiring local privileges or a remote channel that can deliver such data to the framework.

Generated by OpenCVE AI on May 20, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official NVIDIA patch or upgrade to the latest release of BioNeMo.
  • Restrict access to the data sources that feed the deserialization process, ensuring only trusted content is accepted.
  • Enable and review audit logs for anomalous activity related to deserialization operations.

Generated by OpenCVE AI on May 20, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:nvidia:bionemo_framework:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 20 May 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia bionemo Framework
Vendors & Products Nvidia
Nvidia bionemo Framework

Wed, 20 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Linux Linux Kernel
Nvidia Bionemo Framework
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T19:36:04.890Z

Reserved: 2026-01-21T19:09:35.634Z

Link: CVE-2026-24216

cve-icon Vulnrichment

Updated: 2026-05-20T19:35:59.199Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T20:16:36.350

Modified: 2026-05-21T20:08:32.900

Link: CVE-2026-24216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T20:30:39Z

Weaknesses