CVE-2026-24217
NVIDIA · BioNeMo Core
NVIDIA BioNeMo Core for Linux contains a path traversal vulnerability that allows a user to access unauthorized files by loading a malicious file.
Executive summary
A path traversal vulnerability in NVIDIA BioNeMo Core for Linux allows attackers to access unauthorized files, posing a risk of sensitive information disclosure.
Vulnerability
This is a path traversal vulnerability that occurs when the application fails to properly sanitize input while loading files. By providing a malicious file path, an authenticated user can read files outside of the intended application directory.
Business impact
With a CVSS score of 8.8, this vulnerability is classified as High severity. An attacker could leverage this flaw to read configuration files, system credentials, or sensitive research data, leading to a compromise of the host environment.
Remediation
Immediate Action: Update NVIDIA BioNeMo Core to the latest version as specified by the vendor’s security advisory.
Proactive Monitoring: Review system and application access logs for attempts to access restricted file paths or for directory traversal patterns (e.g., "../").
Compensating Controls: Ensure the application runs with the principle of least privilege, restricting the file system access of the service account to only the necessary directories.
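The log review described under Proactive Monitoring can be automated. The following is an added example, not code from NVIDIA or from this advisory: it goes beyond the literal "../" to also catch percent-encoded, double-encoded and backslash forms, and the log field layout and sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# A ".." path segment: preceded by a separator, whitespace, quote, '=' or ':'
# (or the start of the string) and followed by a separator, quote or the end.
_DOTDOT = re.compile(r"(?:^|[\\/\s\"'=:])\.\.(?:[\\/]|$|[\s\"'])")
MAX_DECODE_ROUNDS = 3  # bounded so nested encodings cannot loop forever


def normalize(text):
    """Percent-decode repeatedly (bounded) to expose double-encoded input."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_traversal(lines):
    """Return (line_number, line) for each line containing a '..' path segment."""
    hits = []
    for number, line in enumerate(lines, start=1):
        if _DOTDOT.search(normalize(line)):
            hits.append((number, line))
    return hits


# Constructed sample log lines; the field layout is hypothetical.
SAMPLE_LOG = [
    '2026-01-10T09:14:02Z user=alice action=load path="models/esm2/checkpoint.pt"',
    '2026-01-10T09:15:40Z user=bob action=load path="../../etc/passwd"',
    '2026-01-10T09:16:11Z user=bob action=load path="data/%2e%2e/%2e%2e/secrets.yaml"',
    '2026-01-10T09:17:25Z user=bob action=load path="data/%252e%252e%252fconfig"',
    '2026-01-10T09:18:03Z user=carol action=load path="runs/v1..2/weights.bin"',
    '2026-01-10T09:19:47Z user=bob action=load path="..\\..\\keys\\id_rsa"',
]

if __name__ == "__main__":
    for number, line in find_traversal(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

A match is a triage lead rather than proof of exploitation, since legitimate relative paths can also contain ".." segments; file names such as "v1..2" are deliberately not flagged.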
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this path traversal vulnerability necessitates immediate action to prevent unauthorized file access. Administrators should apply the vendor-recommended security updates and enforce strict file system permissions to contain the risk.