NVIDIA Patches Three High-Severity Vulnerabilities in NeMo AI Framework
NVIDIA has disclosed three high-severity vulnerabilities in its NeMo Framework, an open-source platform used for building and deploying large language models (LLMs) and AI applications. The security bulletin, released on June 16, 2026, and updated on June 12, 2026, warns users to upgrade to version 2.7.3 or later to mitigate risks.
All three vulnerabilities CVE-2026-24252, CVE-2026-24155, and CVE-2026-24228 carry a CVSS v3.1 base score of 7.8 (High) and share a common attack vector: local access with low privileges, requiring no user interaction. This makes them particularly dangerous in multi-tenant AI development environments, including cloud-based GPU deployments and enterprise AI labs.
Vulnerability Breakdown
-
CVE-2026-24252 (OS Command Injection – CWE-78)
- Affects Linux-based NeMo deployments.
- Allows attackers to inject arbitrary OS commands, leading to code execution, privilege escalation, data tampering, and sensitive information disclosure.
- Exploitation requires only local, low-privilege access, increasing risk in shared or containerized workloads.
-
CVE-2026-24155 (Code Injection – CWE-94)
- Affects all platforms (Windows, Linux, macOS).
- Enables arbitrary code execution, privilege escalation, or data exfiltration due to a code injection flaw.
- Broadens the attack surface across diverse AI infrastructure.
-
CVE-2026-24228 (Deserialization of Untrusted Data – CWE-502)
- Targets Linux-based NeMo deployments.
- Exploits unsafe deserialization routines, allowing arbitrary code execution when processing attacker-controlled data.
- Common in Python-based ML frameworks using serialization formats like pickle.
Affected Versions & Mitigation
- All three vulnerabilities impact NeMo Framework versions 0.0 through 2.7.2.
- NVIDIA has released version 2.7.3, which patches all three flaws.
- The vulnerabilities were reported by Moomi Chen (CVE-2026-24155 & CVE-2026-24252) and Tyler Zars of TrendAI Zero Day Initiative (CVE-2026-24228).
Given NeMo’s widespread use in AI model training, fine-tuning, and inference workloads, organizations particularly those in research institutions and enterprise AI labs are urged to audit and patch affected systems, especially in Linux-based AI infrastructure where all three vulnerabilities are exploitable.
Source: https://cyberpress.org/critical-nvidia-nemo-vulnerability/
NVIDIA TPRM report: https://www.rankiteo.com/company/nvidia
"id": "nvi1781685010",
"linkid": "nvidia",
"type": "Vulnerability",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': ['Research institutions',
'Enterprise AI labs',
'Cloud-based GPU deployments'],
'industry': 'Technology (AI, GPU, Semiconductors)',
'name': 'NVIDIA',
'type': 'Corporation'}],
'attack_vector': 'Local access with low privileges, no user interaction '
'required',
'customer_advisories': ['Users are urged to upgrade to NeMo Framework version '
'2.7.3 or later to mitigate risks.'],
'data_breach': {'data_exfiltration': True,
'type_of_data_compromised': ['Sensitive information',
'AI model data']},
'date_publicly_disclosed': '2026-06-16',
'description': 'NVIDIA has disclosed three high-severity vulnerabilities in '
'its NeMo Framework, an open-source platform used for building '
'and deploying large language models (LLMs) and AI '
'applications. The vulnerabilities allow attackers with local '
'access and low privileges to execute arbitrary code, escalate '
'privileges, and exfiltrate data. Users are urged to upgrade '
'to version 2.7.3 or later to mitigate risks.',
'impact': {'data_compromised': ['Sensitive information disclosure',
'Data exfiltration',
'Data tampering'],
'operational_impact': ['Code execution',
'Privilege escalation',
'AI model training disruption'],
'systems_affected': ['NeMo Framework versions 0.0 through 2.7.2']},
'post_incident_analysis': {'corrective_actions': ['Patch vulnerabilities in '
'NeMo Framework version '
'2.7.3'],
'root_causes': ['OS Command Injection '
'(CVE-2026-24252)',
'Code Injection (CVE-2026-24155)',
'Deserialization of Untrusted Data '
'(CVE-2026-24228)']},
'recommendations': ['Audit and patch affected systems, especially in '
'Linux-based AI infrastructure.',
'Upgrade to NeMo Framework version 2.7.3 or later.'],
'references': [{'source': 'NVIDIA Security Bulletin'},
{'source': 'Moomi Chen (Reporter for CVE-2026-24155 & '
'CVE-2026-24252)'},
{'source': 'Tyler Zars of TrendAI Zero Day Initiative '
'(Reporter for CVE-2026-24228)'}],
'response': {'communication_strategy': ['Security bulletin released on June '
'16, 2026'],
'containment_measures': ['Upgrade to NeMo Framework version '
'2.7.3 or later'],
'remediation_measures': ['Patch vulnerabilities CVE-2026-24252, '
'CVE-2026-24155, and CVE-2026-24228']},
'title': 'NVIDIA Patches Three High-Severity Vulnerabilities in NeMo AI '
'Framework',
'type': ['Vulnerability Disclosure',
'Code Injection',
'OS Command Injection',
'Deserialization of Untrusted Data'],
'vulnerability_exploited': ['CVE-2026-24252 (OS Command Injection)',
'CVE-2026-24155 (Code Injection)',
'CVE-2026-24228 (Deserialization of Untrusted '
'Data)']}