CVE Identifier: CVE-2026-24149
CNA: NVIDIA Corporation
Publication Date: 2026-02-03
Update Date: 2026-02-03

Description:
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.

CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSS Score:
- Score: 7.8
- Severity: High
- Version: 3.1
- Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Product Status:
- Vendor: NVIDIA
- Product: Megatron-LM
- Platforms: All platforms
- Version Affected: 0.0.0 to 0.14.0

Credits: Michael DePlante (@izobashi) of Trend Zero Day Initiative

References:
- nvd.nist.gov: NVD
- cve.org: Mitre