Description
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
Published: 2026-06-02
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA NVTabular is vulnerable to improper deserialization of untrusted data, a flaw that falls under CWE‑502. An attacker who can supply maliciously crafted serialized objects to NVTabular may be able to force the application to execute arbitrary code, tamper with data, or disclose sensitive information. The advisory description does not specify additional privilege or network access requirements, but it indicates that a successful exploit could have significant confidentiality, integrity, and availability consequences for the affected system.

Affected Systems

The affected product is NVIDIA NVTabular. No specific version range is provided in the current advisory, so any deployment of NVTabular that has not been confirmed to contain the fix should be considered at risk.

Risk and Exploitability

The CVSS score of 7.8 classifies this issue as High severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector involves an attacker providing malicious serialized data to NVTabular, such as through a data ingestion pipeline or API. Exploitation would require the ability to supply the malicious payload; no privileged system state is explicitly required in the advisory text. The published CVSS vector (AV:L/AC:L/PR:L/UI:N) rates the attack as local and low complexity, requiring low privileges and no user interaction.

Generated by OpenCVE AI on June 2, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade to a version of NVIDIA NVTabular that contains the fix for CVE-2026-24221.
  • Re‑architect data ingestion so that only trusted, authenticated sources are allowed to provide serialized data to NVTabular.
  • Before deserializing any input, validate the data against a whitelist of allowed types or use a secure deserialization library that mitigates arbitrary code execution.
  • If an upgrade is not possible immediately, employ network segmentation to restrict access to the NVTabular service and monitor for anomalous deserialization attempts.



Advisories

No advisories yet.

History

Tue, 02 Jun 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Improper Deserialization in NVIDIA NVTabular Leading to Code Execution and Information Disclosure |
| First Time appeared | | Nvidia; Nvidia nvtabular |
| Vendors & Products | | Nvidia; Nvidia nvtabular |

Tue, 02 Jun 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure. |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-06-02T16:48:58.868Z

Reserved: 2026-01-21T19:09:36.964Z

Link: CVE-2026-24221

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-06-02T17:16:27.377

Modified: 2026-06-02T17:19:15.030

Link: CVE-2026-24221

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T18:30:15Z
