Primary

Context

NVIDIA Megatron-LM Checkpoint Loading Vulnerability Leading to Remote Code Execution

Vulnerability

A remote code execution vulnerability has been identified in NVIDIA Megatron-LM, affecting all versions prior to 0.15.3. The issue arises in the checkpoint loading process, where an attacker can persuade a user to load a maliciously crafted file. Exploitation of this vulnerability could result in unauthorized code execution, elevated privileges, disclosure of sensitive information, and unauthorized data modification.

Impact

Exploitation of this vulnerability allows for remote code execution, with potential escalation of privileges, unauthorized information disclosure, and data tampering.

Remediation

Users are advised to update to version 0.15.3 or later. The updated version is available on the NVIDIA Megatron-LM GitHub repository.

Added: Mar 24, 2026, 9:31 PM

Updated: Mar 24, 2026, 9:31 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.3

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.3

remediation

0.0

relevance

4.6

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA Megatron-LM Checkpoint Loading Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating