{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24164", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:30.918Z", "datePublished": "2026-03-31T16:24:03.705Z", "dateUpdated": "2026-03-31T17:06:08.146Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-31T16:24:03.705Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, information disclosure, data tampering"}]}], "affected": [{"vendor": "NVIDIA", "product": "BioNeMo Framework", "platforms": ["Linux"], "versions": [{"status": "affected", "version": "All versions that do not include commit f2c2b14"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24164"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24164"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5808"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:04:20.477706Z", "id": "CVE-2026-24164", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:06:08.146Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-31T17:04:20.477706Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:05:31.013Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Code execution, denial of service, information disclosure, data tampering"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "BioNeMo Framework", "versions": [{"status": "affected", "version": "All versions that do not include commit f2c2b14"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24164"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24164"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5808"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-31T16:24:03.705Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24164", "state": "PUBLISHED", "dateUpdated": "2026-03-31T17:06:08.146Z", "dateReserved": "2026-01-21T19:09:30.918Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-31T16:24:03.705Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering."}], "id": "CVE-2026-24164", "lastModified": "2026-04-01T14:24:02.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-31T17:16:30.937", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24164"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5808"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24164"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Linux"], "status": "affected", "versions": {"scheme": "generic", "value": "All versions that do not include commit f2c2b14"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "bionemo_framework", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-31T17:50:45.609920+00:00", "value": {"mitigation_remediation": ["Apply the latest NVIDIA patch for BioNeMo if one is available.", "If no patch exists, configure the framework to accept only data from trusted sources and disable or remove the deserialization functionality where practical.", "Sanitize all incoming data streams before deserialization to ensure that only valid, expected structures are processed.", "Monitor system logs for anomalous deserialization activity and implement rate limiting or additional validation checks to detect potential attacks."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is NVIDIA\u2019s BioNeMo Framework. No specific version identifiers are provided, indicating that any deployment of the framework may be vulnerable until a vendor update is applied.", "description_and_impact": "A deserialization flaw in NVIDIA BioNeMo Framework allows an attacker to supply crafted data that the framework deserializes without proper validation. This vulnerability can be leveraged to execute arbitrary code, terminate services, exfiltrate sensitive data, or modify data integrity, as described in the CVE documentation. It is classified as CWE\u2011502, reflecting improper handling of serialized data streams.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.8, marking it as high severity. EPSS data is not available, and the issue is not listed in CISA\u2019s KEV catalog, suggesting limited public exploitation to date. The presumed attack vector involves an adversary delivering malicious serialized input to the framework, which then processes it untrusted, enabling the listed consequences."}}}}, "created": "2026-03-31T19:53:56.846573+00:00", "title": "Deserialization Flaw in NVIDIA BioNeMo Framework Allowing Potential Code Execution", "updated": "2026-03-31T20:37:54.527921+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$bionemo_framework"]}