Cyber Resilience

CVE-2026-24217

High

Published: 20 May 2026

Modified: 21 May 2026
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0076 (50.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-24217 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in NVIDIA BioNeMo Framework. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 49.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Vulnerability details

NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CWE(s)

CWE-29: Path Traversal: '\..\filename'

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1059 Command and Scripting Interpreter (tactic: Execution)
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

Path traversal via a malicious file load directly enables client-side exploitation leading to arbitrary code execution (T1203); the resulting impact includes use of command and scripting interpreters (T1059).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24216 (same product: Linux Linux Kernel)
CVE-2026-24162 (same product: Linux Linux Kernel)
CVE-2026-24209 (same product: Linux Linux Kernel)
CVE-2026-24206 (same product: Linux Linux Kernel)
CVE-2026-24208 (same product: Linux Linux Kernel)
CVE-2026-24207 (same product: Linux Linux Kernel)
CVE-2025-33206 (same product: Linux Linux Kernel)
CVE-2025-23242 (same product: Linux Linux Kernel)
CVE-2025-33230 (same product: Linux Linux Kernel)
CVE-2025-33225 (same product: Linux Linux Kernel)

Affected Assets

nvidia bionemo framework, versions ≤ 2026-04-03

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
