Description
NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Published: 2026-07-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Megatron Bridge for Linux contains a flaw where untrusted data can be deserialized, allowing an attacker to execute arbitrary code. An attacker who successfully exploits this vulnerability could elevate privileges, tamper with data, or disclose sensitive information, as indicated by the description and the associated CWE-502.

Affected Systems

Affected systems are NVIDIA Megatron Bridge running on Linux. No specific version details are listed in the provided data.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity impact. While no EPSS score is available, the lack of a KEV listing does not preclude exploitation. Based on the vulnerability description, the likely attack vector is over the network that provides data to the bridge’s deserialization routines. An attacker capable of sending crafted input could trigger arbitrary code execution without user interaction. The exploit would give control of the bridge or the host system, depending on privilege escalation success.

Generated by OpenCVE AI on July 1, 2026 at 18:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest NVIDIA Megatron Bridge patch once released by NVIDIA.
  • If a patch is not yet available, isolate the bridge from untrusted networks or disable external input services that handle deserialization.
  • Continuously monitor system logs and network traffic for signs of attempts to exploit deserialization or unauthorized code execution.

Generated by OpenCVE AI on July 1, 2026 at 18:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
Title Untrusted Deserialization in NVIDIA Megatron Bridge Enables Remote Code Execution

Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-07-01T15:59:10.202Z

Reserved: 2026-01-21T19:09:47.375Z

Link: CVE-2026-24247

cve-icon Vulnrichment

Updated: 2026-07-01T15:59:03.720Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T18:15:15Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data