CVE-2026-24217
Published: 20 May 2026
Summary
CVE-2026-24217 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Nvidia Bionemo Framework. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 49.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31144
Vulnerability details
NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal via malicious file load directly enables client-side exploitation leading to arbitrary code execution (T1203); resulting impact includes use of command/scripting interpreters (T1059).
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.