CVE-2026-24159 HIGH

CVE-2026-24159

Vendor Nvidia

Product NeMo Framework

Weakness CWE-502 · Unsafe deserialization

Published March 24, 2026

Last update March 25, 2026

View on NVD All CVEs

CVSS base score

7.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

Key dates

02Disclosure timeline

March 24, 2026 CVE published

March 25, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-24159 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2025-0956 WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection CVE-2024-48026 WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability CVE-2026-44501 DataHub OIDC REDIRECT_URL Cookie Deserialization Vulnerability CVE-2023-36381 WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection CVE-2024-52338 Apache Arrow R package: Arbitrary code execution when loading a malicious data file