Description
NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Published: 2026-05-20
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal flaw in NVIDIA BioNeMo Core for Linux that permits a malicious file to be loaded from an arbitrary location. Classified as CWE‑29, this weakness can lead to code execution, denial of service, information disclosure, and data tampering.

Affected Systems

All installations of NVIDIA BioNeMo Core for Linux are potentially affected. Specific version details were not provided, so any unpatched instance may be vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity, but no EPSS score is available and the flaw is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker must be able to influence the file‑loading mechanism of the application; if the component is exposed to external input such as a user‑visible interface or an API, exploitation could be possible remotely. The required privilege level or attack vector is not explicitly stated, so the risk depends on how the application handles file paths. If the attacker can supply a crafted path, they may traverse directories, load malicious code, or overwrite critical files, thereby achieving remote code execution, disrupting service, or compromising sensitive data.

Generated by OpenCVE AI on May 20, 2026 at 21:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any NVIDIA BioNeMo Core patch that resolves the path traversal flaw as soon as it becomes available.
  • Configure the application to restrict file loading to a specific, trusted directory and enforce strict path validation that rejects any absolute or relative paths attempting to escape that directory.
  • Run the BioNeMo Core process with the least privileges necessary, ensuring it cannot write to privileged locations or modify system binaries.
  • Monitor file system changes and audit logs for unauthorized file creation or modification that could indicate exploitation attempts.

Generated by OpenCVE AI on May 20, 2026 at 21:29 UTC.
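
One way to implement the trusted-directory restriction and path validation from the second recommended action, as an added example that is not NVIDIA's or OpenCVE's code. `resolve_within`, `PathEscapeError` and the sample paths are hypothetical; the page does not show how BioNeMo Core itself loads files.

```python
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """The requested path would leave the trusted directory."""


def resolve_within(base_dir, requested):
    """Return the real path of `requested` under `base_dir`, or raise PathEscapeError."""
    base = Path(base_dir).resolve(strict=True)
    if not requested or "\x00" in requested:
        raise PathEscapeError("empty path or NUL byte")
    # Backslash is not a separator on Linux, but '..\name' forms (CWE-29) must not
    # reach code that later treats it as one, so reject it outright.
    if "\\" in requested:
        raise PathEscapeError("backslash in path")
    if os.path.isabs(requested):
        raise PathEscapeError("absolute path")
    if ".." in requested.split("/"):
        raise PathEscapeError("parent-directory component")
    # Resolve symlinks last: a link inside base_dir can still point outside it.
    candidate = (base / requested).resolve(strict=False)
    if base not in candidate.parents:
        raise PathEscapeError("resolves outside trusted directory")
    return candidate


def check_samples():
    """Run constructed sample paths against a temporary trusted directory."""
    results = {}
    with tempfile.TemporaryDirectory() as trusted, tempfile.TemporaryDirectory() as outside:
        os.makedirs(os.path.join(trusted, "models"))
        Path(trusted, "models", "weights.bin").write_bytes(b"constructed sample")
        Path(outside, "secret.txt").write_text("constructed sample")
        os.symlink(outside, os.path.join(trusted, "link"))  # link that leaves the directory
        samples = ["models/weights.bin", "../etc/passwd", "models/../../x",
                   "/etc/passwd", "..\\x", "link/secret.txt"]
        for s in samples:
            try:
                resolve_within(trusted, s)
                results[s] = "ok"
            except PathEscapeError as exc:
                results[s] = str(exc)
    return results


if __name__ == "__main__":
    for path, verdict in check_samples().items():
        print(f"{path!r}: {verdict}")
```

The check resolves symbolic links before comparing against the trusted directory, so it should run on the final path immediately before the file is opened.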

Advisories

No advisories yet.

History

Wed, 20 May 2026 21:45:00 +0000

Type: Title
Values Added: Path Traversal in NVIDIA BioNeMo Core Allows Arbitrary File Access and Potential Code Execution

Wed, 20 May 2026 21:15:00 +0000

Type: First Time appeared
Values Added: Nvidia; Nvidia bionemo Framework

Type: Vendors & Products
Values Added: Nvidia; Nvidia bionemo Framework

Wed, 20 May 2026 20:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 19:30:00 +0000

Type: Description
Values Added: NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Type: Weaknesses
Values Added: CWE-29

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T19:31:19.355Z

Reserved: 2026-01-21T19:09:35.635Z

Link: CVE-2026-24217

Vulnrichment

Updated: 2026-05-20T19:31:15.187Z

NVD

Status: Received

Published: 2026-05-20T20:16:36.487

Modified: 2026-05-20T20:16:36.487

Link: CVE-2026-24217

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T21:30:36Z

Weaknesses