Description
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
Published: 2026-06-02
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in NVIDIA NVTabular allows improper deserialization of untrusted data, a flaw classified as CWE-502. An attacker could exploit this issue to execute arbitrary code, tamper with data, or disclose sensitive information through the deserialization mechanism. The impact is significant because the flaw permits complete compromise of the affected system if an attacker supplies malicious data to the vulnerable component.

Affected Systems

The affected product is NVIDIA NVTabular. No specific affected versions are listed in the current data, so all releases prior to an official fix should be considered vulnerable.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so automated exploitation is not known to be active yet. The likely attack vector is the ingestion of untrusted data, which may be supplied over a network, from a user, or from an external source. This inference is drawn from the description that the flaw involves deserialization of untrusted data; therefore, exposure via API endpoints or file inputs that process external data is the most probable route for exploitation.

Generated by OpenCVE AI on June 2, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to a fixed NVTabular release as soon as it becomes available.
  • Implement strict input validation or sanitization before deserialization, ensuring that only trusted data is processed.
  • If possible, isolate the deserialization process in a sandboxed environment or replace the deserialization logic with safe alternatives to prevent arbitrary code execution.

Generated by OpenCVE AI on June 2, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:nvtabular:*:*:*:*:*:*:*:*

Tue, 02 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia nvtabular
Vendors & Products Nvidia
Nvidia nvtabular

Tue, 02 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Improper Deserialization Leading to Code Execution in NVIDIA NVTabular

Tue, 02 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Nvtabular
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-06-02T18:24:35.257Z

Reserved: 2026-01-21T19:09:37.973Z

Link: CVE-2026-24237

cve-icon Vulnrichment

Updated: 2026-06-02T18:15:54.813Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-02T17:16:27.510

Modified: 2026-06-04T17:40:51.780

Link: CVE-2026-24237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T19:00:10Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data