PatchSiren cyber security CVE debrief
CVE-2026-24228 NVIDIA CVE debrief
CVE-2026-24228 is a HIGH severity vulnerability in NVIDIA NeMo Framework for Linux. The vulnerability allows an attacker to cause deserialization of untrusted data, which could lead to code execution, escalation of privileges, data tampering, and information disclosure. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.8.
- Vendor: NVIDIA
- Product: NeMo Framework
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-17
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-17
Who should care
Users of NVIDIA NeMo Framework for Linux, especially those running versions prior to 2.7.3, should assess their exposure and apply the recommended defensive actions.
Technical summary
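The vulnerability is classified as CWE-502, Deserialization of Untrusted Data. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: a local attack vector with low attack complexity, low privileges required and no user interaction, with high impact on confidentiality, integrity and availability.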
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to version 2.7.3 or later of NVIDIA NeMo Framework for Linux.
- Refer to the [vendor advisory](https://nvidia.custhelp.com/app/answers/detail/a_id/5839) for mitigation strategies.
Evidence notes
The information provided is based on data from [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-24228) and [CVE.org](https://www.cve.org/CVERecord?id=CVE-2026-24228).
Official resources
- CVE-2026-24228 CVE record (CVE.org)
- CVE-2026-24228 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference (Vendor Advisory)
CVE-2026-24228 was published on 2026-06-16T17:16:39.590Z and modified on 2026-06-16T20:38:29.477Z.