Primary

Context

NVIDIA NeMoClaw Improper Access Control Vulnerability Leading to Information Disclosure

Vulnerability

A vulnerability exists in NVIDIA NeMoClaw within the sandbox environment initialization component. This issue allows remote attackers to cause improper access control by sending prompt-injected content that prompts the agent to read and exfiltrate host environment variables that were not properly restricted during the creation of the sandbox. Exploiting this vulnerability could result in unauthorized information disclosure.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive host environment variables, allowing for potential information disclosure.

Remediation

Users are advised to update to version 0.0.18 or later. The updated version can be downloaded from the NVIDIA NeMoClaw GitHub repository.

Added: Apr 28, 2026, 7:42 PM

Updated: Apr 28, 2026, 7:42 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

7.4

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NVIDIA NeMoClaw Improper Access Control Vulnerability Leading to Information Disclosure

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating