Security Advisory

CVE-2026-24231

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-28 17:46:57

Last updated 2026-04-29 15:11:36

Assigner nvidia

State PUBLISHED

Description

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure.

← Browse all CVEs View on cve.org ↗