Cyber Posture

CVE-2026-24159

Severity: High
Published: 24 March 2026
Modified: 31 March 2026
KEV Added: not listed
Patch: see the NVIDIA security bulletin linked under Deeper analysis
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (29.8th percentile)
Risk Priority: 16 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-24159 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in the NVIDIA NeMo Framework, with a CVSS v3.1 base score of 7.8 (High). The attack vector is local (AV:L): the attacker needs a low-privileged foothold on the host and supplies data that the framework deserializes, so the "remote code execution" in the vendor wording means executing attacker-controlled code in the context of the NeMo process, not a network-reachable entry point.

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). EPSS ranks it at the 29.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Flaw remediation (prevent): directly remediates the deserialization vulnerability in the NVIDIA NeMo Framework by requiring timely patching and updates per the vendor advisory; for this CVE that means moving off the affected releases (≤ 2.6.2).

SI-10 Information Input Validation (prevent): prevents exploitation of CWE-502 by validating untrusted data before the framework deserializes it, for example by checking an artifact's origin and digest against an allowlist and refusing serialization formats that can encode arbitrary callables.

SI-16 Memory Protection (prevent): mitigates code execution from deserialization flaws that corrupt memory, through protections like ASLR and DEP. Caveat: NeMo is a Python framework, and a CWE-502 flaw in a managed runtime typically has the interpreter execute attacker-chosen objects as ordinary code, so ASLR and DEP do not interrupt that chain. Treat SI-16 as defence in depth for native components rather than as a control for this bug.
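To make the SI-10 recommendation concrete, here is an added illustration of the CWE-502 pattern and its hardening in Python, the language the NeMo Framework is written in. This is example code, not the NeMo code path behind CVE-2026-24159 and not NVIDIA's fix: the Checkpoint class, the allowlist, the digest set and the payload are assumptions made for the demo, and the payload only appends to a list where a real one would spawn a process.

```python
"""
CWE-502 in Python: pickle.loads on untrusted bytes runs attacker-chosen
callables. Two SI-10 style checks refuse such input before it does harm.
Example code only; names and the allowlist are hypothetical.
"""
import hashlib
import io
import pickle

EXECUTED = []  # marker so a caller can observe that attacker code ran


def attacker_callable(tag):
    """Stand-in for os.system/subprocess: records that it was invoked."""
    EXECUTED.append(tag)
    return tag


class MaliciousPayload:
    # pickle honours __reduce__, so unpickling calls attacker_callable("pwned").
    def __reduce__(self):
        return (attacker_callable, ("pwned",))


class Checkpoint:
    """Stand-in for a legitimate serialized object the framework expects."""

    def __init__(self, weights):
        self.weights = weights


def build_untrusted_blob():
    """Constructed attacker input (a pickle that encodes a callable)."""
    return pickle.dumps(MaliciousPayload())


def build_trusted_blob():
    """Constructed benign input (a plain Checkpoint with two weights)."""
    return pickle.dumps(Checkpoint([0.1, 0.2]))


def load_unsafe(blob):
    """The vulnerable pattern: deserialize whatever was handed in."""
    return pickle.loads(blob)


# SI-10 part 1: only globals on an explicit allowlist may be resolved.
# Hypothetical allowlist; a real one would name the framework's own classes.
ALLOWED_GLOBALS = {(Checkpoint.__module__, "Checkpoint")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def load_restricted(blob):
    """Return (True, obj) on success, (False, reason) if the blob is refused."""
    try:
        return True, RestrictedUnpickler(io.BytesIO(blob)).load()
    except pickle.UnpicklingError as exc:
        return False, str(exc)


def digest_of(blob):
    return hashlib.sha256(blob).hexdigest()


# SI-10 part 2: validate provenance before deserializing at all.
def load_if_known(blob, known_digests):
    """Deserialize only if the blob's SHA-256 is in a pre-approved set."""
    digest = digest_of(blob)
    if digest not in known_digests:
        return False, f"unknown artifact {digest[:12]}..."
    return load_restricted(blob)


if __name__ == "__main__":
    print("unsafe:", load_unsafe(build_untrusted_blob()), "ran:", EXECUTED)
    print("restricted (trusted):", load_restricted(build_trusted_blob())[0])
    print("restricted (untrusted):", load_restricted(build_untrusted_blob()))
```

Nothing in this chain touches a corrupted pointer, which is why ASLR and DEP are irrelevant to it. Note also that a restricted Unpickler narrows the attack surface but does not eliminate it (pickle has a long history of allowlist bypasses), so the digest check should run first and, for model weights, a data-only format that cannot encode callables is the stronger choice.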

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local, low-privileged attacker can have the framework deserialize attacker-controlled data and thereby execute arbitrary code with the privileges of the NeMo process (CWE-502); gaining the privileges of a higher-privileged process from a low-privileged foothold maps directly to Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.

Deeper analysis

CVE-2026-24159 is a vulnerability in the NVIDIA NeMo Framework that allows an attacker to cause code execution; a successful exploit might lead to code execution, escalation of privileges, information disclosure and data tampering. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is classified as CWE-502, deserialization of untrusted data.

Exploitation requires local access, low attack complexity and low privileges, with no user interaction (UI:N). In practice that describes a low-privileged account or workload on a shared ML host or cluster node placing serialized data where a NeMo process will load it (for instance a model checkpoint or other serialized object; the exact artifact is not identified in the public description). Once the process deserializes it, the attacker gains that process's privileges, with high impact to confidentiality, integrity and availability. Scope is unchanged (S:U), so the gain is bounded by what the NeMo process itself can reach.

Vendor guidance is in NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5800; the NVD detail page is at https://nvd.nist.gov/vuln/detail/CVE-2026-24159 and the CVE record at https://www.cve.org/CVERecord?id=CVE-2026-24159.

Details

CWE(s)

CWE-502 Deserialization of Untrusted Data

Affected Products

NVIDIA NeMo Framework, versions ≤ 2.6.2

CVEs Like This One

CVE-2026-24157 (same product: NVIDIA NeMo)
CVE-2025-33241 (same product: NVIDIA NeMo)
CVE-2025-33245 (same product: NVIDIA NeMo)
CVE-2025-33243 (same product: NVIDIA NeMo)
CVE-2025-33252 (same product: NVIDIA NeMo)
CVE-2025-33253 (same product: NVIDIA NeMo)
CVE-2025-33236 (same product: NVIDIA NeMo)
CVE-2025-33246 (same product: NVIDIA NeMo)
CVE-2025-33251 (same product: NVIDIA NeMo)
CVE-2025-33249 (same product: NVIDIA NeMo)

References