Primary

Context

NVIDIA Megatron-LM Remote Code Execution Vulnerability in Inferencing

Vulnerability

A remote code execution vulnerability has been identified in NVIDIA Megatron-LM, all versions prior to 0.15.3. This vulnerability arises in the inferencing process, where an attacker can exploit the issue by persuading a user to load a maliciously crafted input. Successful exploitation could lead to unauthorized code execution, elevated privileges, disclosure of sensitive information, and unauthorized data modification.

Impact

Exploitation of this vulnerability allows for remote code execution, with potential escalation of privileges, unauthorized information disclosure, and data tampering.

Remediation

Users are advised to update to version 0.15.3 or later. The updated version is available on the NVIDIA Megatron-LM GitHub repository.

Added: Mar 24, 2026, 9:35 PM

Updated: Mar 24, 2026, 9:35 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.6

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.6

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron-LM Remote Code Execution Vulnerability in Inferencing

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating