Improper Deserialization Vulnerability Found in NVIDIA Transformers4Rec for Linux
CVE-2026-24162

7.8HIGH

Key Information:

Vendor

Nvidia
Status
Merlin Transformers4rec
Vendor
CVE Published:
26 May 2026

What is CVE-2026-24162?

NVIDIA Transformers4Rec for Linux is impacted by a vulnerability that allows an attacker to exploit improper deserialization of untrusted data. This flaw may enable malicious actors to execute arbitrary code, alter data, or gain unauthorized access to sensitive information.

Affected Version(s)

Merlin Transformers4Rec Linux All commits on Main prior to March 11, 2026

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24162
https://www.cve.org/CVERecord?id=CVE-2026-24162
https://nvidia.custhelp.com/app/answers/detail/a_id/5838

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.