{"id":"GHSA-v7v2-m736-cf3c","summary":"NVIDIA NeMo Framework contains a vulnerability leading to Remote Code Execution","details":"NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.","aliases":["CVE-2026-24159"],"modified":"2026-04-02T13:35:43.800214Z","published":"2026-03-24T21:31:24Z","database_specific":{"github_reviewed":true,"cwe_ids":["CWE-502"],"github_reviewed_at":"2026-04-01T23:13:53Z","severity":"HIGH","nvd_published_at":"2026-03-24T21:16:28Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24159"},{"type":"PACKAGE","url":"https://github.com/NVIDIA-NeMo/NeMo"},{"type":"WEB","url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5800"},{"type":"WEB","url":"https://www.cve.org/CVERecord?id=CVE-2026-24159"}],"affected":[{"package":{"name":"nemo-toolkit","ecosystem":"PyPI","purl":"pkg:pypi/nemo-toolkit"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2"}]}],"versions":["0.10.0","0.10.0b0","0.10.0b1","0.10.0b10","0.10.0b2","0.10.0b3","0.10.0b4","0.10.0b5","0.10.0b6","0.10.0b7","0.10.0b8","0.10.0b9","0.10.1","0.11.0","0.11.0b1","0.11.0b10","0.11.0b11","0.11.0b12","0.11.0b14","0.11.0b2","0.11.0b3","0.11.0b4","0.11.0b5","0.11.0b6","0.11.0b8","0.8","0.8.1","0.8.2","0.9.0","1.0.0","1.0.0a4","1.0.0b0","1.0.0b1","1.0.0b2","1.0.0b3","1.0.0rc1","1.0.1","1.0.2","1.1.0","1.10.0","1.11.0","1.12.0","1.13.0","1.14.0","1.15.0","1.16.0","1.17.0","1.18.0","1.18.1","1.19.0","1.19.1","1.2.0","1.20.0","1.21.0","1.22.0","1.23.0","1.3.0","1.4.0","1.5.0","1.5.1","1.6.0","1.6.1","1.6.2","1.7.0","1.7.1","1.7.2","1.8.0","1.8.1","1.8.2","1.9.0","2.0.0","2.0.0rc0","2.0.0rc1","2.1.0","2.1.0rc0","2.1.0rc1","2.1.0rc2","2.2.0","2.2.0rc0","2.2.0rc1","2.2.0rc2","2.2.0rc3","2.2.1","2.3.0","2.3.0rc2","2.3.0rc3","2.3.0rc4","2.3.1","2.3.2","2.3.3","2.4.0","2.4.0rc0","2.4.0rc1","2.4.0rc2","2.4.1","2.5.0","2.5.0rc0","2.5.1","2.5.2","2.5.3","2.6.0","2.6.0rc0","2.6.1"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-v7v2-m736-cf3c/GHSA-v7v2-m736-cf3c.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}