CVE-2026-24162
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NVIDIA | Merlin Transformers4Rec | All commits on Main prior to March 11, 2026 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-24162
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
NVIDIA Transformers4Rec 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NVIDIA Transformers4Rec是美国英伟达(NVIDIA)公司的一个推荐系统深度学习框架。 NVIDIA Transformers4Rec for Linux存在代码问题漏洞,该漏洞源于可能导致不可信数据反序列化不当,可能导致代码执行、数据篡改和信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| NVIDIA | Merlin Transformers4Rec | All commits on Main prior to March 11, 2026 | - |
II. Public POCs for CVE-2026-24162
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-24162
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-24162 (2)
Same Patch Batch · NVIDIA · 2026-05-26 · 17 CVEs total
| CVE-2026-24187 | 8.8 HIGH | NVIDIA Display Driver for Linux 资源管理错误漏洞 |
| CVE-2026-24194 | 7.8 HIGH | NVIDIA Display Driver for Linux 安全漏洞 |
| CVE-2026-24191 | 7.8 HIGH | NVIDIA Display Driver 安全漏洞 |
| CVE-2026-24190 | 7.8 HIGH | NVIDIA Display Driver 安全漏洞 |
| CVE-2026-24193 | 7.8 HIGH | NVIDIA Display Driver 缓冲区错误漏洞 |
| CVE-2026-24192 | 7.8 HIGH | NVIDIA Display Driver 安全漏洞 |
| CVE-2026-24212 | 7.5 HIGH | NVIDIA Isaac Launchable 安全漏洞 |
| CVE-2026-24196 | 7.1 HIGH | NVIDIA Display Driver for Linux 缓冲区错误漏洞 |
| CVE-2026-24195 | 7.1 HIGH | NVIDIA Display Driver 输入验证错误漏洞 |
| CVE-2026-24200 | 7.0 HIGH | NVIDIA vGPU Software 资源管理错误漏洞 |
| CVE-2026-24197 | 6.5 MEDIUM | NVIDIA Display Driver for Linux 安全漏洞 |
| CVE-2026-24182 | 6.5 MEDIUM | NVIDIA Display Driver 安全漏洞 |
| CVE-2026-24201 | 5.8 MEDIUM | NVIDIA vGPU Software 缓冲区错误漏洞 |
| CVE-2026-24198 | 5.6 MEDIUM | NVIDIA GPU Display Driver 信息泄露漏洞 |
| CVE-2026-24199 | 4.7 MEDIUM | NVIDIA Display Driver 竞争条件问题漏洞 |
| CVE-2025-33221 | 4.4 MEDIUM | NVIDIA Display Driver 输入验证错误漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-502
- CVE-2026-9828
Logback deserialization whitelist bypass for java.lang and j - CVE-2026-45134
LangSmith Client SDK: Public prompt pull deserializes untrus - CVE-2026-47161
RELATE Vulnerable to Remote Code Execution (RCE) via Insecur - CVE-2026-44843
LangChain: Unsafe deserialization of attacker-controlled Lan - CVE-2026-45247
Mirasvit Cache Warmer for Magento < 1.11.12 PHP Object Injec
V. Comments for CVE-2026-24162
No comments yet