Primary

Context

NVIDIA Megatron-LM Checkpoint Loading Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability has been identified in NVIDIA Megatron-LM, specifically in the checkpoint loading process. This issue arises from improper handling of untrusted data, allowing an attacker to craft a malicious file that, when loaded by the user, executes arbitrary code. The exploitation of this vulnerability could also result in unauthorized privilege escalation, disclosure of sensitive information, and tampering with data.

Impact

Exploitation of this vulnerability allows for remote code execution, with potential escalation of privileges, unauthorized information disclosure, and data tampering.

Remediation

Users are advised to update to version 0.15.3 or later, available on the NVIDIA Megatron-LM GitHub repository.

Added: Mar 24, 2026, 9:35 PM

Updated: Mar 24, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.6

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.6

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron-LM Checkpoint Loading Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating