CVE-2026-24221: NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
Improper deserialization of untrusted data in NVIDIA NVTabular allows a local attacker with a low-privilege account to trigger arbitrary code execution, data tampering, and information disclosure. The vulnerability is reachable locally, requires no victim interaction, and stems from the way NVTabular processes serialized data objects without proper validation. No fix version has been published yet; HarborGuard tracks the advisory and will surface a patched-image rebuild the moment upstream ships a fix.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built images that bundle NVTabular versions in the affected range (0.0 through commit 5dd11f4). Any image carrying the vulnerable package is flagged in the relevant pipeline stage and registry scan.
Status: Available
HarborGuard scores this CVE at 7.8 HIGH using the CVSS v3.1 vector and is capable of weighting that score further against each customer's per-environment compliance policy, escalating severity where NVTabular workloads handle sensitive training data or run in production. Triage findings are routed to the appropriate team inbox within each customer org based on image ownership and policy configuration.
Status: Available
Because no upstream fix version has been published for CVE-2026-24221, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment NVIDIA publishes a remediated release. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will trigger without manual intervention once a fix version is available.
Status: Pending upstream
Exploit Conditions
- Network reachability: Not required
  The attacker needs an existing shell or process on the host; no network exposure is required to reach the vulnerable deserialization path.
- Authentication: Required
  Any low-privilege local account is sufficient; no administrative or elevated credentials are needed to trigger the vulnerability.
- Victim interaction: Not required
  The exploit does not require any action from another user or a victim; the attacker can trigger deserialization autonomously.
- Attack complexity: Detail
  Attack complexity is low, meaning the exploit is reliable and requires no specific race condition, memory layout dependency, or environmental prerequisite beyond local access.
Blast Radius
- A successful attacker executes arbitrary code in the context of the NVTabular process, which can include spawning subprocesses or loading malicious libraries.
- The attacker reads confidential data accessible to the process, such as training datasets, model weights, credentials, or environment variables.
- The attacker modifies or corrupts data processed by NVTabular, including persisted feature-engineering outputs, cached datasets, or pipeline artifacts.
- The exploit can render the NVTabular service or worker process unavailable by crashing or hijacking it, disrupting any dependent training or inference pipeline.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-24221 is active across all customer environments scanning images that include NVTabular in the 0.0 to 5dd11f4 range. Because NVIDIA has not published a fix version, HarborGuard monitors the upstream advisory on every ingest cycle and will make a patched-image rebuild available the moment a remediated version is released; customers with auto-remediation enabled will receive the rebuild, regression run, and an opened PR against affected workloads without manual intervention. In the interim, compensating controls available for consideration include restricting the NVTabular process to a dedicated namespace with tight network policy, limiting which local accounts can write serialized objects to paths consumed by the service, and using read-only volume mounts for input data where the workflow permits. Customers whose compliance policy flags HIGH-severity unpatched CVEs for mandatory quarantine can configure HarborGuard to block promotion of affected images past the staging gate until a fix is available.
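One way to check the interim control of limiting which local accounts can write serialized objects to paths the service consumes. This is an added example, not HarborGuard or NVIDIA code. The function names, the `.bin` file names and the sample tree are constructed for illustration, and the check covers POSIX ownership and mode bits only, not ACLs or group membership.

```python
import os
import stat
import tempfile


def _reasons(path, allowed_uids):
    """Why an account outside allowed_uids could alter what is read at path."""
    st = os.lstat(path)  # lstat: inspect the link itself, not its target
    if stat.S_ISLNK(st.st_mode):
        return ["symlink (target may sit outside the audited tree)"]
    reasons = []
    if st.st_uid not in allowed_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    if st.st_mode & stat.S_IWGRP:
        reasons.append(f"group-writable (gid {st.st_gid})")
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_writable(root, allowed_uids):
    """Return sorted (path, reason) findings for root and everything below it.

    A writable directory counts as much as a writable file: whoever can write
    the directory can replace the serialized objects inside it.
    """
    paths = [root]
    for dirpath, dirs, files in os.walk(root):  # does not follow symlinks
        paths += [os.path.join(dirpath, name) for name in dirs + files]
    return sorted((p, r) for p in paths for r in _reasons(p, allowed_uids))


def demo():
    """Constructed sample tree: one tight file, one loose file."""
    root = tempfile.mkdtemp(prefix="input-audit-")
    os.chmod(root, 0o750)
    for name, mode in (("tight.bin", 0o640), ("loose.bin", 0o666)):
        path = os.path.join(root, name)
        open(path, "wb").close()
        os.chmod(path, mode)
    return audit_writable(root, allowed_uids={os.getuid()})


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run it against the real input directory with `allowed_uids` set to the service account's uid; an empty result means only that account can change what the process deserializes, as far as mode bits show.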
- NVIDIA / NVTabular: 0.0 to 5dd11f4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H