Impact
NVIDIA Megatron Bridge for Linux contains a deserialization vulnerability (CWE‑502) that allows an attacker to deserialize untrusted data. An attacker who successfully exploits this flaw could execute arbitrary code, elevate privileges, tamper with data, and disclose sensitive information.
Affected Systems
NVIDIA Megatron Bridge for Linux. Specific affected versions are not disclosed in the available data.
Risk and Exploitability
The CVSS base score of 7.8 indicates a high severity potential. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known public exploits at the time of this report. The attack vector appears to involve the receipt of malicious data by the bridge service, implying that network or local access to the service may be necessary for exploitation. Overall risk is moderate to high until a fix is applied.
OpenCVE Enrichment