Improper Access Control Vulnerability in NVIDIA NeMoClaw
CVE-2026-24222

8.6 HIGH

Key Information:

Vendor: Nvidia

Status
Vendor
CVE Published: 28 April 2026

What is CVE-2026-24222?

NVIDIA NeMoClaw contains a vulnerability in its sandbox environment initialization component. A remote attacker can exploit it by sending specially crafted prompt-injected content, which may lead to improper access control: environment variables that are not appropriately restricted during sandbox creation can be read and exfiltrated. Successful exploitation could result in significant information disclosure and put sensitive data at risk.
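The class of flaw described above, shown as an added example that is not NVIDIA's code and does not reflect NeMoClaw's internals: a sandboxed child process that inherits the host environment can read every credential in it, while one started from an explicit allowlist cannot. The allowlist, the variable names and the sample host environment are constructed for illustration.

```python
import os
import subprocess
import sys

# Hypothetical allowlist: the only host variables a sandboxed process may inherit.
SANDBOX_ENV_ALLOWLIST = ("PATH", "LANG", "LC_ALL", "TZ")

# Constructed host environment standing in for an agent host that holds credentials.
SAMPLE_HOST_ENV = {
    "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    "LANG": "C.UTF-8",
    "EXAMPLE_API_KEY": "constructed-secret-value",
    "EXAMPLE_DB_PASSWORD": "constructed-db-password",
}


def unrestricted_env(host_env):
    """Weak pattern: the sandbox inherits the whole host environment."""
    return dict(host_env)


def allowlisted_env(host_env, allow=SANDBOX_ENV_ALLOWLIST, extra=None):
    """Hardened pattern: start empty, copy allowlisted names, add explicit extras."""
    env = {name: host_env[name] for name in allow if name in host_env}
    env.update(extra or {})
    return env


def visible_in_sandbox(env):
    """Spawn a child process with `env` and return the variable names it can read."""
    child = "import os; print('\\n'.join(sorted(os.environ)))"
    out = subprocess.run([sys.executable, "-c", child], env=env,
                         capture_output=True, text=True, check=True).stdout
    return set(out.split())


def leaked(host_env, sandbox_names, allow=SANDBOX_ENV_ALLOWLIST):
    """Host variables outside the allowlist that the sandboxed process can read."""
    return sorted((set(host_env) & sandbox_names) - set(allow))


if __name__ == "__main__":
    for label, build in (("unrestricted", unrestricted_env),
                         ("allowlisted", allowlisted_env)):
        names = visible_in_sandbox(build(SAMPLE_HOST_ENV))
        print(label, "->", leaked(SAMPLE_HOST_ENV, names) or "no leak")
```

The `leaked` check can also run as a regression test at sandbox creation, so that a newly introduced host secret fails the build instead of reaching untrusted content.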

Affected Version(s)

NemoClaw All All versions prior to v0.0.18

CVSS V3.1

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
