{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24222", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:36.964Z", "datePublished": "2026-04-28T17:46:37.015Z", "dateUpdated": "2026-04-28T17:46:37.015Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-28T17:46:37.015Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information disclosure"}]}], "affected": [{"vendor": "NVIDIA", "product": "NemoClaw", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to v0.0.18"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24222"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24222"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5837"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure."}], "id": "CVE-2026-24222", "lastModified": "2026-04-28T20:10:42.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-04-28T19:36:45.517", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24222"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5837"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24222"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T02:15:22.793444+00:00", "value": {"mitigation_remediation": ["Upgrade NeMoClaw to a version that contains the vendor\u2011supplied fix once it is released; consult NVIDIA\u2019s official advisory for patch details", "If an update cannot be applied immediately, segment the NeMoClaw deployment from untrusted networks or implement firewall rules to restrict inbound connections to the agent endpoint", "Review and strengthen the sandbox initialization configuration by explicitly blocking or sanitizing host environment variables from being exposed to the agent, thereby addressing the CWE\u2011497 misuse of restricted permissions"], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects NVIDIA NeMoClaw. No specific product versions are listed in the CNA data, so any deployed instance of NeMoClaw could be impacted until an official fix is applied.", "description_and_impact": "NVIDIA NeMoClaw contains an improper access control flaw in the sandbox environment initialization component. A remote attacker can send prompt\u2011injected content that causes the agent to read and exfiltrate host environment variables that should have been restricted during sandbox creation. The primary consequence is the disclosure of sensitive information gleaned from those variables, potentially revealing configuration secrets or credentials. This weakness is classified as CWE\u2011497 and results in a high CVSS score of 8.6.", "risk_and_exploitability": "The CVSS score of 8.6 indicates a high severity vulnerability requiring prompt attention. While the EPSS score is not available, the lack of a KEV listing does not mitigate the risk of exploitation. The likely attack vector is remote; an adversary must be able to interact with the NeMoClaw agent, typically via network or API access, to inject the malicious prompt that triggers the unauthorized read of host environment variables. Successful exploitation leads to unprivileged information disclosure that could aid further attacks."}}}}, "created": "2026-04-29T02:15:47.415342+00:00", "title": "Remote Information Disclosure via Prompt Injection in NeMoClaw Sandbox Initialization", "updated": "2026-04-29T02:15:47.415354+00:00", "vendors": []}