NVIDIA issued an urgent update for its NeMo Framework due to three high-severity vulnerabilities (CVE-2026-24155, CVE-2026-24252, and CVE-2026-24228), all rated CVSS 7.8. These vulnerabilities could allow attackers to execute code, escalate privileges, and tamper with data. The first flaw affects all platforms and is a code injection issue, while the other two are specific to Linux, involving OS command injection and deserialization of untrusted data.
All versions from 0.0 to 2.7.2 are affected, and users are urged to upgrade to version 2.7.3 or later. Teams using NeMo for AI pipelines should prioritize this patch.
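An added example (not from NVIDIA or the original page): a small auditor that scans requirements lines for NeMo pins below the 2.7.3 release named above. It assumes NeMo is installed from the PyPI distribution `nemo_toolkit`; the sample requirements are constructed.

```python
import re
FIXED = (2, 7, 3)     # first fixed release, per the advisory text above
PKG = "nemo-toolkit"  # assumption: NeMo comes from the PyPI dist nemo_toolkit

# name, optional [extras], optional "== version"
REQ = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*(?:==\s*([^\s;#]+))?")

def normalize(name):
    """PEP 503 normalization: nemo_toolkit / NeMo.Toolkit -> nemo-toolkit."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """'2.7.3rc0' -> ((2, 7, 3), False); the flag is False for pre/dev builds."""
    m = re.match(r"v?(\d+(?:\.\d+)*)(.*)$", text.strip())
    if not m:
        return None, False
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # pad '2.7' to (2, 7, 0)
    return release, m.group(2) == "" or m.group(2).startswith((".post", "+"))

def audit(lines):
    """Return (line_no, pinned_version, status) for each NeMo requirement."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQ.match(line)
        if not m or normalize(m.group(1)) != PKG:
            continue
        spec = m.group(2)
        release, final = parse_version(spec) if spec else (None, False)
        if spec is None:
            status = "unpinned"   # range or bare name: check the resolved version
        elif release is None:
            status = "unparsed"
        elif release < FIXED or (release == FIXED and not final):
            status = "upgrade"    # below 2.7.3, or a pre-release of it
        else:
            status = "ok"
        findings.append((n, spec, status))
    return findings

SAMPLE = """# constructed sample, not taken from any real project
nemo_toolkit[all]==2.7.2
NeMo-Toolkit == 2.7.3rc0
nemo.toolkit==2.7.3
nemo_toolkit>=2.0
""".splitlines()
if __name__ == "__main__":
    for n, spec, status in audit(SAMPLE):
        print(f"line {n}: {spec or '(no pin)'} -> {status}")
```

Lines reported as `unpinned` need the resolved version checked in the lock file or the built image, since a range can still resolve to a release below 2.7.3.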