CVE-2026-24217

Vulnerability

NVIDIA BioNeMo Core for Linux contains a path traversal vulnerability [1]. A user can trigger a path traversal by loading a malicious file, potentially escaping the intended directory. The exact affected versions are not disclosed in the available reference, but the issue affects the Linux distribution of BioNeMo Core.

Exploitation

To exploit the vulnerability, an attacker must be able to load a malicious file into the application. The vector is path traversal, meaning the malicious file can reference paths outside the intended scope. No further details on required privileges or network position are provided in the reference.

Impact

Successful exploitation could lead to code execution, denial of service, information disclosure, and data tampering [1]. This indicates a full compromise of confidentiality, integrity, and availability. The attacker may achieve arbitrary code execution within the context of the application.

Mitigation

As of the publication date (2026-05-20), no fixed version or workaround has been disclosed in the available references [1]. Users are advised to monitor NVIDIA's official security advisories for patches. If no update is expected, consider isolating the application or applying strict file input validation.