Deserialization Vulnerability in NVIDIA Model Optimizer for Windows and Linux
CVE-2026-24141

7.8HIGH

Key Information:

Vendor: Nvidia
Status: Nvidia Model Optimizer
Vendor: CVE Published:; 24 March 2026

What is CVE-2026-24141?

The NVIDIA Model Optimizer for both Windows and Linux is vulnerable due to an issue in the ONNX quantization feature. This vulnerability allows an attacker to craft a specific input file that can trigger unsafe deserialization, potentially leading to unauthorized code execution, privilege escalation, data tampering, and information disclosure. It is essential for users of this software to be aware of the risks associated with this vulnerability and to apply relevant patches or mitigations as they are released.

Affected Version(s)

NVIDIA Model Optimizer All All versions prior to 0.41.0

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24141

https://www.cve.org/CVERecord?id=CVE-2026-24141

https://nvidia.custhelp.com/app/answers/detail/a_id/5798

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24141 Data

JSON

Nvidia

What is CVE-2026-24141?

Affected Version(s)

References

CVSS V3.1

Timeline