Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-24162

Summary
Assigner-nvidia
Assigner Org ID-9576f279-3576-44b5-a4af-b9a8644b2de6
Published At-26 May, 2026 | 16:12
Updated At-26 May, 2026 | 19:22
Rejected At-
Credits

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:nvidia
Assigner Org ID:9576f279-3576-44b5-a4af-b9a8644b2de6
Published At:26 May, 2026 | 16:12
Updated At:26 May, 2026 | 19:22
Rejected At:
▼CVE Numbering Authority (CNA)

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Affected Products
Vendor
NVIDIA CorporationNVIDIA
Product
Merlin Transformers4Rec
Platforms
  • Linux
Default Status
unaffected
Versions
Affected
  • All commits on Main prior to March 11, 2026
Problem Types
TypeCWE IDDescription
CWECWE-502CWE-502 Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: CWE-502 Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ACode execution, data tampering,, information disclosure
CAPEC ID: N/A
Description: Code execution, data tampering,, information disclosure
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://nvd.nist.gov/vuln/detail/CVE-2026-24162
N/A
https://www.cve.org/CVERecord?id=CVE-2026-24162
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/5838
N/A
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2026-24162
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2026-24162
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5838
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@nvidia.com
Published At:26 May, 2026 | 17:16
Updated At:26 May, 2026 | 19:08

NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-502Primarypsirt@nvidia.com
CWE ID: CWE-502
Type: Primary
Source: psirt@nvidia.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://nvd.nist.gov/vuln/detail/CVE-2026-24162psirt@nvidia.com
N/A
https://nvidia.custhelp.com/app/answers/detail/a_id/5838psirt@nvidia.com
N/A
https://www.cve.org/CVERecord?id=CVE-2026-24162psirt@nvidia.com
N/A
Hyperlink: https://nvd.nist.gov/vuln/detail/CVE-2026-24162
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://nvidia.custhelp.com/app/answers/detail/a_id/5838
Source: psirt@nvidia.com
Resource: N/A
Hyperlink: https://www.cve.org/CVERecord?id=CVE-2026-24162
Source: psirt@nvidia.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2025-60035
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:01
Updated-24 Feb, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in the OPC.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the OPC.Testclient.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_indraworksIndraWorks
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-60037
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:03
Updated-24 Feb, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Rexroth IndraWorks. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running Rexroth IndraWorks.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_indraworksIndraWorks
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-60036
Matching Score-4
Assigner-Robert Bosch GmbH
ShareView Details
Matching Score-4
Assigner-Robert Bosch GmbH
CVSS Score-7.8||HIGH
EPSS-0.18% / 39.63%
||
7 Day CHG~0.00%
Published-18 Feb, 2026 | 14:02
Updated-24 Feb, 2026 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in the UA.Testclient utility, which is included in Rexroth IndraWorks. All versions prior to 15V24 are affected. This flaw allows an attacker to execute arbitrary code on the user's system by parsing a manipulated file containing malicious serialized data. Exploitation requires user interaction, specifically opening a specially crafted file, which then causes the application to deserialize the malicious data, enabling Remote Code Execution (RCE). This can lead to a complete compromise of the system running the UA.Testclient.

Action-Not Available
Vendor-Bosch RexrothRobert Bosch GmbH
Product-rexroth_ua.testclientrexroth_indraworksIndraWorksUA.Testclient
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-53416
Matching Score-4
Assigner-Delta Electronics, Inc.
ShareView Details
Matching Score-4
Assigner-Delta Electronics, Inc.
CVSS Score-7.8||HIGH
EPSS-1.99% / 83.83%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 09:14
Updated-15 Jul, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File Parsing Deserialization of Untrusted Data in DTN Soft

Delta Electronics DTN Soft Project File Parsing Deserialization of Untrusted Data Remote Code Execution

Action-Not Available
Vendor-Delta Electronics, Inc.
Product-DTN Soft
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-27978
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-3.90% / 88.43%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 00:00
Updated-05 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior).

Action-Not Available
Vendor-Schneider Electric SE
Product-custom_reportsigss_dashboardigss_data_serverIGSS Dashboard (DashBoard.exe)IGSS Data Server(IGSSdataServer.exe)Custom Reports (RMS16.dll)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-7528
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.24%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 15:39
Updated-04 Aug, 2024 | 09:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which could allow arbitrary code execution when an attacker builds a custom .PRJ file containing a malicious serialized buffer.

Action-Not Available
Vendor-n/a
Product-scadapack_7x_remote_connectSCADAPack 7x Remote Connect V3.6.3.574 and prior.
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-28948
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-76.87% / 98.98%
||
7 Day CHG~0.00%
Published-19 Nov, 2020 | 18:14
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectThe PHP GroupThe Drupal Association
Product-debian_linuxfedoradrupalarchive_tarn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-47994
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.41% / 80.70%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficesharepoint_enterprise_serveroffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-40759
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.5||HIGH
EPSS-0.16% / 36.30%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 11:17
Updated-09 Dec, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions < V19 Update 4), SIMATIC STEP 7 V20 (All versions < V20 Update 4), SIMATIC WinCC V17 (All versions < V17 Update 9), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions < V19 Update 4), SIMATIC WinCC V20 (All versions < V20 Update 4), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOCODE ES V20 (All versions), SIMOTION SCOUT TIA V5.4 (All versions), SIMOTION SCOUT TIA V5.5 (All versions), SIMOTION SCOUT TIA V5.6 (All versions < V5.6 SP1 HF7), SIMOTION SCOUT TIA V5.7 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SINAMICS Startdrive V20 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Safety ES V20 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V20 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions < V5.2.1.1), TIA Portal Cloud V20 (All versions < V5.2.2.2). Affected products do not properly sanitize stored security properties when parsing project files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC S7-PLCSIM V17SIMATIC STEP 7 V18SIRIUS Soft Starter ES V18 (TIA Portal)SIMATIC STEP 7 V17SIMOTION SCOUT TIA V5.7SIMATIC WinCC V20SIRIUS Safety ES V19 (TIA Portal)TIA Portal Cloud V17SIMATIC STEP 7 V20SIRIUS Soft Starter ES V19 (TIA Portal)TIA Portal Cloud V18SIRIUS Safety ES V18 (TIA Portal)SIMOCODE ES V19TIA Portal Cloud V19SINAMICS Startdrive V19SIMATIC WinCC V18SIMOCODE ES V18SIRIUS Safety ES V20 (TIA Portal)SIMATIC WinCC V17SINAMICS Startdrive V20SIMOTION SCOUT TIA V5.4SINAMICS Startdrive V18SINAMICS Startdrive V17SIMOTION SCOUT TIA V5.6SIMOTION SCOUT TIA V5.5SIRIUS Soft Starter ES V17 (TIA Portal)SIRIUS Safety ES V17 (TIA Portal)SIMATIC STEP 7 V19TIA Portal Cloud V20SIMATIC WinCC V19SIMOCODE ES V20SIMOCODE ES V17SIRIUS Soft Starter ES V20 (TIA Portal)
CWE ID-CWE-502
Deserialization of Untrusted Data
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found