# CVE-2026-24164 Vulnerability Summary ## Vulnerability Overview | Attribute | Content | |:---|:---| | **CVE ID** | CVE-2026-24164 | | **Status** | AWAITING ANALYSIS | | **Vulnerability Type** | Deserialization of Untrusted Data - CWE-502 | | **Affected Product** | NVIDIA BioNeMo | | **Publication Date** | March 31, 2026 | | **Last Modified** | April 1, 2026 | ### Vulnerability Description NVIDIA BioNeMo contains a vulnerability where a user may trigger deserialization of untrusted data. Successful exploitation of this vulnerability may lead to: - Code execution - Denial of service - Information disclosure - Data tampering ## CVSS Score | Source | Base Score | Vector String | |:---|:---|:---| | NVD (NIST) | N/A | Not yet provided | | CNA (NVIDIA) | **8.8 (HIGH)** | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | > Score Interpretation: Network exploitable, low attack complexity, no privileges required, user interaction required, high impact on confidentiality, integrity, and availability. ## Affected Scope - **Vendor**: NVIDIA Corporation - **Product**: BioNeMo (Biomolecular Language Model Platform) ## Remediation ### Official Resources | Link | Source | |:---|:---| | https://nvidia.custhelp.com/app/answers/detail/a_id/1508 | NVIDIA Corporation | > Note: The page does not provide specific patch versions or detailed remediation steps. It is recommended to visit NVIDIA's official security advisory for the latest remediation information. ## Reference Links - NVD Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24164 - CVE.org Record: https://www.cve.org/CVERecord?id=CVE-2026-24164 --- **POC Code/Exploit Code**: The page **does not contain** any POC code or exploit code.