NVIDIA has issued an urgent fix for its NeMo Framework, the popular open-source toolkit for building generative AI models. The update addresses three separate vulnerabilities, each rated High at CVSS 7.8. Developers and AI teams should upgrade right away.
Three flaws, one fix
All three bugs open the door to serious attacks. The first, CVE-2026-24155, is a code injection issue affecting every platform. According to NVIDIA, a successful exploit “might lead to code execution, escalation of privileges, information disclosure, and data tampering.”
The other two target Linux specifically. CVE-2026-24252 lets an attacker trigger OS command injection. Meanwhile, CVE-2026-24228 stems from the “deserialization of untrusted data.” Both carry the same severe impacts as the first.
Notably, each flaw requires only local, low-privileged access. Therefore, a single foothold on a shared training server could be enough to escalate.
What to do
The three vulnerabilities affect all NeMo versions from 0.0 up to 2.7.2. Fortunately, the fix is straightforward. NVIDIA urges users to update to version 2.7.3 or later from the official NeMo GitHub repository.
Because all three flaws can lead to code execution, teams running AI pipelines on NeMo should treat this patch as a top priority.
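One way to check pinned environments against the affected range above, as an added example that is not from NVIDIA or the original article. It assumes NeMo is installed under the PyPI distribution name nemo_toolkit and that the input is `pip freeze`-style text; the sample lines are constructed.

```python
import re

FIXED = (2, 7, 3)  # first fixed NeMo release named in the article
# Assumption: NeMo is installed under the PyPI distribution name "nemo_toolkit".
TARGET = "nemo-toolkit"

def normalize(name):
    """PEP 503 name normalization: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """Return (release tuple padded to 3 parts, is_prerelease)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))
    pre = bool(re.match(r"[-_.]?(a|b|rc|alpha|beta|dev|pre)", m.group(2), re.I))
    return release, pre

def is_affected(version):
    """True if below 2.7.3; a 2.7.3 pre-release (e.g. 2.7.3rc0) also counts."""
    release, pre = parse_version(version)
    return release < FIXED or (release == FIXED and pre)

def audit(freeze_lines):
    """Scan `pip freeze`-style lines; return (line, verdict) for NeMo entries."""
    findings = []
    for line in freeze_lines:
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*(==|@)?\s*(.*)$", line)
        if not m or normalize(m.group(1)) != TARGET:
            continue
        if m.group(2) != "==":
            # Git/URL installs and unpinned entries carry no comparable version.
            verdict = "unpinned: check manually"
        else:
            verdict = "AFFECTED" if is_affected(m.group(3)) else "ok"
        findings.append((line, verdict))
    return findings

# Constructed sample input, not taken from a real environment.
SAMPLE = [
    "numpy==1.26.4", "nemo_toolkit==2.7.2",
    "nemo-toolkit[all]==2.7.3", "NeMo_Toolkit==2.7.3rc0",
    "nemo_toolkit @ git+https://example.invalid/NeMo.git",
]
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Feed it the output of `pip freeze` from each training image or virtual environment; any line not marked "ok" needs the upgrade or a manual look.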