Primary

Context

NVIDIA NeMo Agent Toolkit Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the chat API endpoint of the NVIDIA NeMo Agent Toolkit UI for Web. This vulnerability allows an attacker to manipulate server-side requests, potentially leading to unauthorized information disclosure and causing a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in unauthorized information disclosure and a denial-of-service condition.

Remediation

Users are advised to update to version 1.3.0 or later. The updated version is available on the NVIDIA GitHub repository for the NeMo Agent Toolkit.

Added: Nov 25, 2025, 6:22 PM

Updated: Nov 25, 2025, 10:41 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

7.7

relevance

1.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMo Agent Toolkit Server-Side Request Forgery Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating