NVIDIA BioNeMo Framework Deserialization Vulnerability Leading to Code Execution and Data Compromise

Vulnerability

A vulnerability in the NVIDIA BioNeMo Framework allows for the deserialization of untrusted data. Exploiting this vulnerability could result in unauthorized code execution, denial of service, information disclosure, and data tampering. This issue affects all versions of the BioNeMo Framework that do not include the security update referenced in this bulletin.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, disruption of service, unauthorized information access, and unauthorized modification of data.

Remediation

Users are advised to update to the latest version of the NVIDIA BioNeMo Framework that includes commit e5e58c8 or later. This update is available on the NVIDIA BioNeMo Framework GitHub repository.
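One way to confirm that a source checkout already contains the fix, as an added example that is not part of the bulletin or NVIDIA's own tooling. It assumes the framework is deployed from a git clone, and the helper name check_fix_included is hypothetical.

```shell
#!/bin/sh
# Added example (not from the bulletin): report whether a local git checkout
# of the BioNeMo Framework contains the fix commit named in the bulletin.
# Usage: check_fix_included /path/to/checkout

FIX_COMMIT="e5e58c8"   # commit id as given in the bulletin

# check_fix_included <repo_dir> [commit]   (hypothetical helper name)
# Returns 0 = fix is in HEAD's history, 1 = fix is missing,
#         2 = cannot tell (not a git checkout, or commit object not present).
check_fix_included() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo "UNKNOWN: $repo is not a git checkout (installed some other way?)" >&2
        return 2
    fi

    # A shallow clone, or a clone last fetched before the fix was published,
    # will not have the commit object; absence alone proves nothing.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "UNKNOWN: commit $commit not found locally; fetch full history and retry" >&2
        return 2
    fi

    # "Includes commit X or later" means X is an ancestor of (or equal to) HEAD.
    rc=0
    git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || rc=$?
    case $rc in
        0) echo "OK: $repo includes $commit"; return 0 ;;
        1) echo "MISSING: $repo does not include $commit; update the checkout" >&2; return 1 ;;
        *) echo "UNKNOWN: git merge-base failed (exit $rc)" >&2; return 2 ;;
    esac
}
```

A result of 2 is not a pass: treat the deployment as unverified until the history has been fetched or the installed version has been checked another way.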

Added: Mar 31, 2026, 5:39 PM
Updated: Mar 31, 2026, 5:39 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 3.8
remediation: 0.0
relevance: 5.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.