NVIDIA BioNeMo Untrusted Deserialization CVE-2026-24165
CVE-2026-24165 Published on March 31, 2026

NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

NVD

Vulnerability Analysis

CVE-2026-24165 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-24165 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2026-24165

Want to know whenever a new CVE is published for NVIDIA Nemo? stack.watch will email you.

NVIDIA Nemo

Affected Versions

NVIDIA BioNeMo Framework Version All versions that do not include commit e5e58c8 is affected by CVE-2026-24165

NVIDIA BioNeMo Untrusted Deserialization CVE-2026-24165CVE-2026-24165 Published on March 31, 2026

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2026-24165

Affected Versions

NVIDIA BioNeMo Untrusted Deserialization CVE-2026-24165
CVE-2026-24165 Published on March 31, 2026