CVE-2026-24237: NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data
NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
Improper deserialization of untrusted data in NVIDIA NVTabular allows a local attacker with a low-privilege account to pass malicious serialized payloads into the application. Per the CVSS vector AV:L/AC:L/PR:L/UI:N, the vulnerability is reached locally and requires no user interaction. Successful exploitation gives the attacker arbitrary code execution, the ability to tamper with data, and access to sensitive information. No fix version has been published yet; HarborGuard tracks the advisory and will flag a patched-image rebuild the moment upstream ships a fix.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is matched against customer images within minutes of ingestion from upstream feeds, covering images in customer registries, CI/CD pipelines, and custom-built images that include affected NVTabular versions (0.0 through 5dd11f4).
Available
HarborGuard is capable of scoring this finding at CVSS 7.8 HIGH and weighting it against each customer environment's compliance policy to surface it at the appropriate severity tier. Routing to the correct team inbox within each customer organization is available through HarborGuard's policy-based assignment rules.
Available
Because no fix version has been published, HarborGuard re-checks the advisory each ingest cycle and will make a patched-image rebuild available automatically the moment the upstream fix is released. For customers who opt into auto-remediation, a rebuild, regression-test run, and PR against affected workloads will be triggered without manual intervention once a fix version is confirmed.
Pending upstream
Exploit Conditions
- Network reachability: Not required
The attacker needs an existing shell or process on the host; no network path to the service is required.
- Authentication: Required
Any low-privilege local account is sufficient; no administrative credentials are needed.
- Victim interaction: Not required
No victim action is needed; the attacker can trigger deserialization without involving another user.
- Attack complexity: Detail
The exploit is reliable and condition-free; no race conditions or special environmental factors must be arranged.
Blast Radius
- Executes arbitrary code in the context of the NVTabular process, giving the attacker full control over that process.
- Reads sensitive data accessible to the process, including training datasets, model artifacts, and any secrets loaded in memory.
- Modifies or corrupts persisted data, including stored datasets and model checkpoints that NVTabular reads and writes.
- Crashes or destabilizes the NVTabular service, disrupting any pipeline or workflow that depends on it.
How HarborGuard Handles This
Available on HarborGuard: because no upstream fix exists for CVE-2026-24237, HarborGuard continuously monitors the advisory and re-evaluates affected images on every ingest cycle. Customers are advised to consider compensating controls in the interim, such as restricting local user accounts that have access to NVTabular processes, applying OS-level mandatory access controls (for example AppArmor or SELinux profiles) to limit what a deserialization payload can reach, and isolating NVTabular workloads in dedicated namespaces with tight pod-security policies. The moment NVIDIA publishes a patched version, a rebuilt image becomes available on HarborGuard; for customers who have auto-remediation enabled, a regression-test run and a PR opened against affected workloads follow automatically, with a median time from CVE publication to merged patch PR for high-severity issues of around 90 minutes in those environments.
- NVIDIA / NVTabular: 0.0 to 5dd11f4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H