Primary

Context

NVIDIA Megatron LM Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in NVIDIA Megatron LM, specifically in the quantization configuration loading process. This vulnerability, present in all versions prior to 0.15.3, could be exploited to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, with potential escalation of privileges, unauthorized information disclosure, and data tampering.

Remediation

Users are advised to update to version 0.15.3 or later. The updated version is available on the NVIDIA Megatron-LM GitHub repository.

Added: Mar 24, 2026, 9:38 PM

Updated: Mar 24, 2026, 9:38 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

2.7

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

2.7

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron LM Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating