VYPR
High severity8.6NVD Advisory· Published Apr 28, 2026· Updated May 4, 2026

CVE-2026-24222

CVE-2026-24222

Description

NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nvidia/Nemoclaw2 versions
    cpe:2.3:a:nvidia:nemoclaw:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nvidia:nemoclaw:*:*:*:*:*:*:*:*range: <0.0.18
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.