VYPR
Medium severity6.3NVD Advisory· Published Apr 28, 2026· Updated May 4, 2026

CVE-2026-24231

CVE-2026-24231

Description

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nvidia/Nemoclaw2 versions
    cpe:2.3:a:nvidia:nemoclaw:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:nvidia:nemoclaw:*:*:*:*:*:*:*:*range: <0.0.13
    • (no CPE)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.