CVE-2026-24164：BioNeMo框架DoS漏洞，速修复！

NVIDIA BioNeMo包含一个漏洞（CVE-2026-24164），用户可能导致不受信任的数据反序列化。此安全漏洞的CVSS评分达到8.8，可能导致代码执行、拒绝服务（DoS）、信息泄露和数据篡改。尤其是在BioNeMo用于处理来自外部或未经验证来源的数据的环境中，风险显著。该漏洞源于BioNeMo处理特定类型序列化数据的方式，允许攻击者在反序列化过程中注入恶意代码。此漏洞的严重性需要立即关注，以防止潜在攻击并保护系统完整性。

Organizations and individuals utilizing the NVIDIA BioNeMo Framework for AI model development and deployment are at risk. This includes researchers, data scientists, and engineers working with large language models and generative AI applications. Specifically, those using older, unpatched versions of the framework are particularly vulnerable.

• python / framework: Inspect BioNeMo Framework logs for unusual deserialization errors or patterns of repeated failures.

import logging
logging.basicConfig(filename='bionemo.log', level=logging.ERROR)
# Monitor for deserialization errors

• python / framework: Check for suspicious files or scripts in the BioNeMo Framework's installation directory that might be related to exploitation. • generic web: Monitor network traffic to and from BioNeMo Framework instances for unusual patterns or requests that could indicate an attack.

1. 2026-03-31Disclosure

   disclosure

1. 已保留2026-01-21
2. 发布日期2026-03-31
3. EPSS 更新日期2026-04-08

NVIDIA已在提交'f2c2b14'中提供了此漏洞的修复程序。强烈建议BioNeMo用户尽快更新到最新版本。此外，建议实施额外的安全措施，例如在用BioNeMo处理之前严格验证所有输入数据。这包括验证数据类型、格式和内容，以防止恶意数据注入。监控BioNeMo系统是否存在可疑活动也很重要。及时应用此修复程序并实施良好的安全实践对于减轻与CVE-2026-24164相关的风险至关重要。