CVE-2026-24162_CVE-2026-24162

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Basic Information

ID CVE-2026-24162

Source nvidia

Published May 26, 2026 at 16:12

Affected Product

Vendor NVIDIA

Product Merlin Transformers4Rec

Version All commits on Main prior to March 11, 2026

Affected Versions NVIDIA Merlin Transformers4Rec All commits on Main prior to March 11, 2026

CWE Classification

CWE-502

References

{
    "lastseen": "",
    "description": "NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.",
    "published": "2026-05-26T16:12:16.028Z",
    "modified": "2026-05-26T16:12:16.028Z",
    "type": "cve",
    "title": "CVE-2026-24162",
    "source": "nvidia",
    "references": "https://nvd.nist.gov/vuln/detail/CVE-2026-24162\nhttps://www.cve.org/CVERecord?id=CVE-2026-24162\nhttps://nvidia.custhelp.com/app/answers/detail/a_id/5838",
    "id": "CVE-2026-24162",
    "bulletinFamily": "",
    "cwe": [
        "CWE-502"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA Merlin Transformers4Rec All commits on Main prior to March 11, 2026",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Merlin Transformers4Rec",
    "version": "All commits on Main prior to March 11, 2026",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}