NVIDIA NemoClaw Server-Side Request Forgery Vulnerability in SSRF Protection Component

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in NVIDIA NemoClaw, in the validateEndpointUrl() component responsible for SSRF protection. An attacker can craft an endpoint URL that references the 0.0.0.0/8 address range and deliver it through a blueprint configuration file or a command-line interface (CLI) flag. Successful exploitation may result in unauthorized information disclosure.
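
A range check that covers 0.0.0.0/8 alongside the other non-routable IPv4 ranges, as an added example that is not NemoClaw's validateEndpointUrl() or code from this advisory. The function names, the blocked-range list and the policy of refusing IPv6 literals are assumptions made for illustration, and the list goes beyond the single range the advisory names.

```javascript
// Added example, not NemoClaw code. Names, range list and URLs are assumptions.
// IPv4 ranges an outbound endpoint must not target: [base address, prefix length].
const BLOCKED_V4 = [
  ["0.0.0.0", 8],      // "this network", the range named in the advisory
  ["10.0.0.0", 8],     // private
  ["100.64.0.0", 10],  // carrier-grade NAT
  ["127.0.0.0", 8],    // loopback
  ["169.254.0.0", 16], // link-local
  ["172.16.0.0", 12],  // private
  ["192.168.0.0", 16], // private
];

// Dotted-quad text to an unsigned 32-bit number, or null if it is not IPv4.
function ipv4ToInt(text) {
  const parts = text.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p))) return null;
  const nums = parts.map(Number);
  if (nums.some((n) => n > 255)) return null;
  return nums.reduce((acc, n) => acc * 256 + n, 0);
}

// True when addr falls inside any blocked prefix.
function inBlockedRange(addr) {
  return BLOCKED_V4.some(([base, prefix]) => {
    const size = 2 ** (32 - prefix); // number of addresses in the prefix
    return Math.floor(addr / size) === Math.floor(ipv4ToInt(base) / size);
  });
}

// Returns { ok, reason } for a candidate endpoint URL.
function checkEndpointUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, reason: "scheme not allowed" };
  }
  // Check the parsed hostname, not the raw string: WHATWG URL parsing
  // canonicalises numeric forms, so "http://0/" yields hostname "0.0.0.0".
  const host = url.hostname;
  if (host.startsWith("[")) return { ok: false, reason: "IPv6 literal refused" };
  const addr = ipv4ToInt(host);
  if (addr === null) return { ok: true, reason: "DNS name, check resolved address" };
  if (inBlockedRange(addr)) return { ok: false, reason: "blocked IPv4 range" };
  return { ok: true, reason: "IPv4 literal outside blocked ranges" };
}
```

A DNS name passes this check only provisionally: the code that opens the connection has to apply the same range test to the address the name actually resolves to.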

Impact

Exploitation of this vulnerability could lead to server-side request forgery, allowing attackers to manipulate server requests and potentially access or disclose sensitive information.

Remediation

Users are advised to update to version 0.0.13 or later. The updated version can be downloaded from the NVIDIA NemoClaw GitHub repository.

Added: Apr 28, 2026, 7:45 PM
Updated: Apr 28, 2026, 7:45 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.4
exploitability: 6.2
remediation: 0.0
relevance: 6.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.