Description
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.
Published: 2026-04-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA NeMoClaw contains an improper access control flaw in the sandbox environment initialization component. A remote attacker can send prompt‑injected content that causes the agent to read and exfiltrate host environment variables that should have been restricted during sandbox creation. The primary consequence is the disclosure of sensitive information gleaned from those variables, potentially revealing configuration secrets or credentials. This weakness is classified as CWE‑497 and results in a high CVSS score of 8.6.

Affected Systems

The vulnerability affects NVIDIA NeMoClaw. No specific product versions are listed in the CNA data, so any deployed instance of NeMoClaw could be impacted until an official fix is applied.

Risk and Exploitability

The CVSS score of 8.6 indicates a high-severity vulnerability requiring prompt attention. The EPSS score is not available, and the absence of a KEV listing does not mean the risk of exploitation is low. The likely attack vector is remote: an adversary must be able to interact with the NeMoClaw agent, typically via network or API access, to inject the malicious prompt that triggers the unauthorized read of host environment variables. Successful exploitation leads to information disclosure to an unprivileged attacker, which could aid further attacks.

Generated by OpenCVE AI on April 29, 2026 at 02:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NeMoClaw to a version that contains the vendor‑supplied fix once it is released; consult NVIDIA’s official advisory for patch details
  • If an update cannot be applied immediately, segment the NeMoClaw deployment from untrusted networks or implement firewall rules to restrict inbound connections to the agent endpoint
  • Review and strengthen the sandbox initialization configuration by explicitly blocking or sanitizing host environment variables so they are not exposed to the agent, thereby addressing the CWE‑497 weakness (exposure of sensitive system information to an unauthorized control sphere)

Generated by OpenCVE AI on April 29, 2026 at 02:15 UTC.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 29 Apr 2026 10:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Nvidia; Nvidia nemoclaw |
| Vendors & Products | | Nvidia; Nvidia nemoclaw |

Wed, 29 Apr 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Remote Information Disclosure via Prompt Injection in NeMoClaw Sandbox Initialization |

Tue, 28 Apr 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure. |
| Weaknesses | | CWE-497 |
| References | | |
| Metrics | | cvssV3_1 {'score': 8.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-29T15:11:41.945Z

Reserved: 2026-01-21T19:09:36.964Z

Link: CVE-2026-24222

Vulnrichment

Updated: 2026-04-29T13:51:57.727Z

NVD

Status: Awaiting Analysis

Published: 2026-04-28T19:36:45.517

Modified: 2026-04-28T20:10:42.070

Link: CVE-2026-24222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:10:30Z

Weaknesses