CVE-2026-24217

NVIDIA · BioNeMo Core

NVIDIA BioNeMo Core for Linux contains a path traversal vulnerability that allows a user to access unauthorized files by loading a malicious file.

Executive summary

A path traversal vulnerability in NVIDIA BioNeMo Core for Linux allows attackers to access unauthorized files, posing a risk of sensitive information disclosure.

Vulnerability

This is a path traversal vulnerability that occurs when the application fails to properly sanitize input while loading files. By providing a malicious file path, an authenticated user can read files outside of the intended application directory.

Business impact

With a CVSS score of 8.8, this vulnerability is classified as High severity. An attacker could leverage this flaw to read configuration files, system credentials, or sensitive research data, leading to a compromise of the host environment.

Remediation

Immediate Action: Update NVIDIA BioNeMo Core to the latest version as specified by the vendor’s security advisory.

Proactive Monitoring: Review system and application access logs for attempts to access restricted file paths or directory traversal patterns (e.g., "../").

Compensating Controls: Ensure the application runs with the principle of least privilege, restricting the file system access of the service account to only the necessary directories.
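The log review described under Proactive Monitoring can be scripted. The following is an added example, not code from NVIDIA or from the advisory. It flags `..` path segments, including percent-encoded and double-encoded forms that a plain search for "../" misses. The log format, field names, and the `scan` and `has_traversal` helpers are assumptions, since this page does not describe BioNeMo Core's log layout.

```python
import re
from urllib.parse import unquote

# Matches a ".." path segment bounded by separators or the string edges,
# so a name such as "v1..2" is not reported.
_DOTDOT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Splits a log line into candidate tokens (assumed key="value" style lines).
_TOKEN = re.compile(r"[^\s\"'=]+")


def _fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(token):
    """Return True if the token contains a '..' segment after decoding."""
    return bool(_DOTDOT.search(_fully_decode(token)))


def scan(lines):
    """Return (line_number, token) for every token holding a traversal segment."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for token in _TOKEN.findall(line):
            if has_traversal(token):
                hits.append((number, token))
    return hits


# Constructed sample lines for illustration; not from a real deployment.
SAMPLE_LOG = [
    'INFO load path="/data/models/esm2/checkpoint.ckpt" user=alice',
    'INFO load path="../../etc/passwd" user=bob',
    'INFO load path="/data/models/%2e%2e%2f%2e%2e%2fetc/shadow" user=bob',
    'INFO load path="/data/models/%252e%252e/secrets.yaml" user=carol',
    'INFO load path="/data/results/v1..2/output.csv" user=alice',
]

if __name__ == "__main__":
    for number, token in scan(SAMPLE_LOG):
        print(f"line {number}: {token}")
```

A hit shows that a traversal-shaped path was requested, not that a file was read; correlate it with the service account's actual file access before treating it as disclosure.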

Exploitation status

Public Exploit Available: false

Analyst recommendation

The severity of this path traversal vulnerability necessitates immediate action to prevent unauthorized file access. Administrators should apply the vendor-recommended security updates and enforce strict file system permissions to contain the risk.