NVIDIA Model Optimizer ONNX Quantization Unsafe Deserialization Vulnerability Allowing Code Execution

Vulnerability

A vulnerability exists in the ONNX quantization feature of NVIDIA Model Optimizer for Windows and Linux. A specially crafted input file can trigger unsafe deserialization. Exploiting this vulnerability could lead to code execution, escalation of privileges, data tampering, and information disclosure.

Impact

Successful exploitation may result in unauthorized code execution, elevated privileges, altered data, and leaked information.

Remediation

Users are advised to update to version 0.41.0 or later. The updated version is available on the NVIDIA GitHub page.
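
One way to audit a Python environment against the fixed version above (an added example, not code from NVIDIA or from this advisory). It assumes the package is installed from PyPI under the distribution name `nvidia-modelopt`, which this page does not state; the function names are illustrative.

```python
import re
from importlib import metadata

FIXED = (0, 41, 0)        # first fixed release, taken from the advisory
DIST = "nvidia-modelopt"  # assumption: PyPI distribution name, not given on the page

def parse(version):
    """Return (release_tuple, is_final) for a PEP 440-style version string."""
    v = version.strip().lower().lstrip("v").split("+", 1)[0]  # drop local build tag
    if "!" in v:
        raise ValueError(f"epoch versions not handled: {version!r}")
    m = re.match(r"(\d+(?:\.\d+)*)(.*)$", v)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))  # pad "0.41" to (0, 41, 0)
    suffix = m.group(2)
    # a/b/rc/dev suffixes sort before the final release; .postN sorts after it
    is_final = suffix == "" or re.match(r"[._-]?post\d*$", suffix) is not None
    return release, is_final

def is_fixed(version):
    """True if `version` is 0.41.0 final or anything newer."""
    release, is_final = parse(version)
    if release == FIXED:
        return is_final  # 0.41.0rc1 predates the fixed release
    return release > FIXED  # numeric comparison, so 0.9.12 < 0.41.0

def installed_status(dist=DIST):
    """Report 'not installed', 'vulnerable <ver>' or 'fixed <ver>' for this environment."""
    try:
        ver = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return "not installed"
    return ("fixed " if is_fixed(ver) else "vulnerable ") + ver

if __name__ == "__main__":
    print(f"{DIST}: {installed_status()}")
```

Run it with the interpreter of each virtual environment or container image that performs ONNX quantization, since each carries its own installed copy.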

Added: Mar 24, 2026, 9:53 PM
Updated: Mar 24, 2026, 9:53 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.6
remediation: 0.0
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.