Home / Vulnerability Intelligence / CVE-2026-24222

CVE-2026-24222 - Vulnerability Analysis

HighCVSS: 8.6

Last Updated: April 28, 2026

NVIDIA NeMoClaw - Information Disclosure

Published: April 28, 2026Updated: April 28, 2026Remote Exploitable

Overview

NVIDIA NeMoClaw contains an information disclosure vulnerability caused by prompt injection in sandbox environment initialization, letting remote attackers exfiltrate host environment variables, exploit requires remote access.

Severity & Score

Severity: High

CVSS Score: 8.6

Impact

Remote attackers can exfiltrate sensitive host environment variables, leading to information disclosure.

Mitigation

Update to the latest version.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24222
https://nvidia.custhelp.com/app/answers/detail/a_id/5837
https://www.cve.org/CVERecord?id=CVE-2026-24222

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-24222
Severity: High
CVSS Score: 8.6
Type: undefined
Status: unconfirmed

CWE

CWE-497

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N