NVIDIA has released a critical software update for NVIDIA NemoClaw, addressing a high-severity vulnerability that could allow remote attackers to bypass security controls and exfiltrate sensitive host data. The flaw, which leverages “prompt-injected content,” highlights the growing security challenges in protecting the sandbox environments used by AI agents.
The most significant issue, tracked as CVE-2026-24222, involves a vulnerability in the sandbox environment initialization component. This flaw is particularly dangerous because it allows a remote attacker to influence the AI agent’s behavior through carefully crafted inputs.
According to the security bulletin, “A remote attacker may cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation”.
With a CVSS score of 8.6, this vulnerability represents a major risk to the confidentiality of the host system, as environment variables often contain sensitive API keys, internal paths, or configuration secrets.
In addition to the sandbox breach, NVIDIA patched a second vulnerability, CVE-2026-24231, which could lead to Server-Side Request Forgery (SSRF).
The flaw is located in the validateEndpointUrl() component. An attacker can supply a crafted endpoint URL—specifically referencing the 0.0.0.0/8 address range—via a blueprint configuration file or a CLI flag.
The bulletin notes, “A successful exploit of this vulnerability may lead to information disclosure”.
This Medium-severity flaw (CVSS 5.9) could allow an attacker to probe internal network resources that are typically shielded from external access.
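A defensive sketch of the kind of endpoint check this SSRF issue concerns, added here as an example and not taken from NemoClaw or the NVIDIA bulletin. The function name `checkEndpointUrl`, the block list and the reason strings are assumptions. It rejects literal addresses in 0.0.0.0/8 alongside other non-routable IPv4 ranges, including alternate spellings that the URL parser normalises.

```javascript
// Added example: hypothetical helper, not NemoClaw code.
// IPv4 ranges [base, prefix length] an outbound endpoint URL should not point at.
const BLOCKED_V4 = [
  ["0.0.0.0", 8],      // "this network": the range named in the bulletin
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], // private
  ["127.0.0.0", 8],    // loopback
  ["169.254.0.0", 16], // link-local
];

// Dotted-quad string -> unsigned 32-bit integer, or null if not an IPv4 literal.
function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inBlockedV4(addr) {
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((addr & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// Returns { ok, reason } for a candidate endpoint URL (constructed policy).
function checkEndpointUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme" };
  }
  // The WHATWG parser has already rewritten "0", "0x0.1" etc. as dotted decimal.
  const host = url.hostname;
  let addr = ipv4ToInt(host);
  if (host.startsWith("[")) {
    // IPv4-mapped IPv6 is serialised as [::ffff:HHHH:HHHH]; unwrap it.
    // This sketch rejects every other IPv6 literal rather than listing ranges.
    const m = /^\[::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})\]$/.exec(host);
    if (!m) return { ok: false, reason: "ipv6-literal" };
    addr = ((parseInt(m[1], 16) << 16) | parseInt(m[2], 16)) >>> 0;
  }
  // A DNS name must be checked again against the addresses it resolves to.
  if (addr === null) return { ok: true, reason: "hostname" };
  return inBlockedV4(addr)
    ? { ok: false, reason: "blocked-range" }
    : { ok: true, reason: "ip-literal" };
}
```

A check on the literal alone does not cover a hostname that resolves into a blocked range, so the same range test belongs on the resolved address at connect time.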
The vulnerabilities impact versions of NVIDIA NemoClaw prior to v0.0.18. Users and developers are urged to “clone or update this software to v0.0.18 or later” from the official GitHub repository to mitigate the risk.