Description
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Published: 2026-07-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper control of dynamically managed code resources in NVIDIA Megatron Bridge for Linux. A successful exploitation can lead to code execution, escalation of privileges, data tampering, and information disclosure, as stated in the official description.

Affected Systems

The affected system is NVIDIA Megatron Bridge running on Linux platforms. No specific version information was provided, so all released versions of this product are potentially impacted.

Risk and Exploitability

The CVSS score of 7.8 indicates a medium to high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, implying no known widespread exploitation yet. The attack vector is not explicitly disclosed, but the described impact suggests that an attacker with access to the device could potentially manipulate dynamic code resources to gain code execution rights. As the vulnerability involves privilege escalation, the risk to both confidentiality and integrity is significant.

Generated by OpenCVE AI on July 1, 2026 at 18:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch for CVE‑2026‑24246 as soon as it becomes available.
  • If a patch is not yet released, disable or remove the NVIDIA Megatron Bridge component until remediation is applied.
  • Monitor system logs for anomalous dynamic code loading activity and enforce strict access controls on the affected binaries.

Generated by OpenCVE AI on July 1, 2026 at 18:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Title Improper Control of Dynamically Managed Code Resources in NVIDIA Megatron Bridge

Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Weaknesses CWE-470
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-07-01T15:59:51.577Z

Reserved: 2026-01-21T19:09:47.375Z

Link: CVE-2026-24246

cve-icon Vulnrichment

Updated: 2026-07-01T15:59:45.985Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T18:15:15Z

Weaknesses
  • CWE-470

    Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')