Description
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Published: 2026-07-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Megatron Bridge for Linux contains a deserialization vulnerability (CWE-502) that allows an attacker to deserialize untrusted data. An attacker who successfully exploits this flaw could execute arbitrary code, elevate privileges, tamper with data, and disclose sensitive information.

Affected Systems

NVIDIA Megatron Bridge for Linux. Specific affected versions are not disclosed in the available data.

Risk and Exploitability

The CVSS base score of 7.8 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog, suggesting no known exploitation at the time of this report. The attack vector appears to involve the receipt of malicious data by the bridge service, implying that network or local access to the service may be necessary for exploitation. The recorded CVSS vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) specifies a local attack vector with no privileges required and user interaction required. Overall risk is moderate to high until a fix is applied.

Generated by OpenCVE AI on July 1, 2026 at 18:14 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-supplied patch or upgrade to the latest NVIDIA Megatron Bridge release
  • Restrict network access to the Megatron Bridge service to trusted hosts and limit exposure to potential attackers
  • Implement runtime validation or sandboxing for incoming data to mitigate deserialization attacks
  • If a patch is unavailable, consider disabling deserialization features or isolating the service until a fix is released

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type | Values Removed | Values Added
Title | | Deserialization Vulnerability in NVIDIA Megatron Bridge Allows Code Execution

Wed, 01 Jul 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 01 Jul 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Weaknesses | | CWE-502
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-07-01T15:56:36.525Z

Reserved: 2026-01-21T19:09:47.375Z

Link: CVE-2026-24245

Vulnrichment

Updated: 2026-07-01T15:56:32.710Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-07-01T18:15:15Z

Weaknesses
  • CWE-502: Deserialization of Untrusted Data