NVIDIA APEX Deserialization Vulnerability in PyTorch Environments Prior to 2.6 Allowing Code Execution and Privilege Escalation

Vulnerability

A vulnerability exists in NVIDIA APEX for Linux, where an unauthorized attacker could exploit deserialization of untrusted data. This issue affects environments using PyTorch versions prior to 2.6. Exploitation of this vulnerability could lead to code execution, denial of service, privilege escalation, data tampering, and information disclosure.

Impact

Successful exploitation could result in unauthorized code execution, denial of service, elevated privileges, unauthorized data modification, and exposure of sensitive information.

Remediation

To address this vulnerability, update NVIDIA APEX to include commit db8e053 or later. Ensure that your environment uses PyTorch 2.6 or later.
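The two conditions in the remediation above can be checked on a host with the following added example; it is not code from NVIDIA or from this advisory. The function names, the distribution name `apex`, and the choice to treat pre-release builds of 2.6.0 as prior to 2.6 are assumptions of the example.

```python
import json
import re
from importlib import metadata

FIXED_TORCH = (2, 6)           # advisory: PyTorch 2.6 or later
FIXED_APEX_COMMIT = "db8e053"  # advisory: APEX must include this commit

_VER = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(.*)$")
_PRE = re.compile(r"^(a|b|rc|\.?dev)\d*", re.I)

def torch_is_affected(version):
    """True if `version` is prior to the 2.6 release.

    Numeric comparison, so 2.10 is newer than 2.6. Local labels (+cu121)
    are ignored. Assumption of this example: pre-release builds of 2.6.0
    (a0, rc1, .dev...) count as prior to 2.6.
    """
    m = _VER.match(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    suffix = m[4].split("+", 1)[0]
    if (major, minor) < FIXED_TORCH:
        return True
    return (major, minor, patch) == FIXED_TORCH + (0,) and bool(_PRE.match(suffix))

def apex_recorded_commit(dist_name="apex"):  # assumed distribution name
    """Commit id pip stored in direct_url.json (PEP 610), else None."""
    try:
        raw = metadata.distribution(dist_name).read_text("direct_url.json")
    except metadata.PackageNotFoundError:
        return None
    return json.loads(raw).get("vcs_info", {}).get("commit_id") if raw else None

def audit():
    """Summarise the local environment against the advisory's two conditions."""
    try:
        torch_version = metadata.version("torch")
    except metadata.PackageNotFoundError:
        torch_version = None
    return {
        "torch_version": torch_version,
        "torch_affected": torch_is_affected(torch_version) if torch_version else None,
        "apex_commit": apex_recorded_commit(),  # compare with FIXED_APEX_COMMIT
    }

if __name__ == "__main__":
    print(audit())
```

A recorded commit only shows what was installed; whether that build includes db8e053 still has to be confirmed against the APEX repository history.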

Added: Mar 24, 2026, 9:40 PM
Updated: Mar 24, 2026, 9:40 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 2.5
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.