Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
NVIDIA NeMo Framework: Malicious Data Can Execute Code
CVE-2025-33236
Summary
An attacker could inject malicious data into the NVIDIA NeMo Framework, potentially leading to unauthorized code execution and other security risks. This means that an attacker could take control of the system or access sensitive information. To protect your organization, update to the latest version of the NeMo Framework as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nvidia | nemo | <= 2.6.1 | – |
Original title
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escal...
Original description
NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
nvd CVSS3.1
7.8
Vulnerability type
CWE-94
Code Injection
- https://nvd.nist.gov/vuln/detail/CVE-2025-33236 US Government Resource VDB Entry
- https://nvidia.custhelp.com/app/answers/detail/a_id/5762 Vendor Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-33236 Third Party Advisory
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026