NVIDIA Megatron-LM Remote Code Execution Vulnerability via Hybrid Conversion Script

Vulnerability

A remote code execution vulnerability has been identified in NVIDIA Megatron-LM, specifically within the hybrid conversion script. This vulnerability allows an attacker to execute arbitrary code by convincing a user to load a maliciously crafted file. Exploitation of this issue could also lead to unauthorized privilege escalation, disclosure of sensitive information, and tampering with data.

Impact

Exploitation of this vulnerability could result in arbitrary code execution, unauthorized privilege escalation, disclosure of sensitive information, and unauthorized data modification.

Remediation

Users are advised to update NVIDIA Megatron-LM to version 0.15.3 or later. The updated version is available on the NVIDIA Megatron-LM GitHub repository.

Added: Mar 24, 2026, 9:45 PM
Updated: Mar 24, 2026, 9:45 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.6
remediation: 0.0
relevance: 4.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.