Impact
NVIDIA Megatron Bridge for Linux is vulnerable to deserialization of untrusted data, which could lead to arbitrary code execution, escalation of privileges, data tampering, and information disclosure. The weakness is a classic deserialization flaw, classified as CWE‑94.
Affected Systems
All current releases of NVIDIA Megatron Bridge for Linux are impacted; no specific version information is provided, so administrators should assume all installed instances are at risk until an official patch is released.
Risk and Exploitability
The CVSS score of 7.8 flags this as a high‑severity issue. EPSS information is not available and the vulnerability is not listed in CISA’s KEV catalog, indicating no widespread active exploitation yet, but the potential for remote exploitation remains. Attackers may deliver crafted serialized data to the vulnerable component, triggering the deserialization process and allowing execution of attacker-supplied code.