Description
NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a __reduce__ gadget to the inference API port to achieve remote code execution as the inference process.
Published: 2026-06-17
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Spatial Intelligence Lab's GEN3C contains an unauthenticated remote code execution flaw in its inference API. The server deserializes the raw HTTP body of /request‑inference and /seed‑model calls via Python's pickle.loads() without authentication or input validation. An attacker can send a crafted pickle payload that exploits the __reduce__ gadget, allowing arbitrary code to be executed within the inference process. This flaw falls under CWE‑502 and presents a severe threat to confidentiality, integrity, and availability of the host system.

Affected Systems

Affected systems are deployments of NVIDIA SIL GEN3C (nv‑tlabs:GEN3C). No specific version range is supplied in the advisory, so any instance of the product with the vulnerable inference API implementation is considered at risk. The vulnerability is tied to the inference API endpoints exposed on the service.

Risk and Exploitability

The CVSS score of 9.3 indicates critical severity, while the EPSS score of <1% shows that, at present, the likelihood of exploitation is low but still possible. The vulnerability is not listed in CISA KEV. The attack vector is remote over the network: an unauthenticated user may reach the exposed inference API port, craft a malicious pickle payload, and trigger code execution with the privileges of the inference process. Successful exploitation would grant the attacker control over the affected host.

Generated by OpenCVE AI on June 18, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest GEN3C release that removes untrusted pickle deserialization or patches the vulnerability.
  • Restrict network access to the inference API, limiting connections to trusted internal hosts or VPN.
  • Deploy an application firewall or intrusion detection system that rejects malformed or unexpected pickle payloads and enforce strict input validation or sandbox the inference process.

Generated by OpenCVE AI on June 18, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Description NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a __reduce__ gadget to the inference API port to achieve remote code execution as the inference process.
Title NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserialization in Inference API
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-17T18:12:56.443Z

Reserved: 2026-06-10T20:14:32.829Z

Link: CVE-2026-53805

cve-icon Vulnrichment

Updated: 2026-06-17T18:12:52.414Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T19:30:15Z

Weaknesses
  • CWE-502

    Deserialization of Untrusted Data