
CVE-2026-24164 — NVIDIA BioNeMo deserialization RCE

CVE-2026-24164 affects NVIDIA BioNeMo via deserialization of untrusted data (CWE-502). NVD currently rates the issue 9.8 (critical) while the NVIDIA CNA vector scores it 8.8 (high); the two vectors differ only in their assumptions about the attacker's starting position, not in the impact (code execution in the process that loads the artifact). Because BioNeMo pipelines routinely load user-provided biological datasets, model artifacts and checkpoints, deployments that accept such inputs from anyone other than the pipeline owner should plan against the higher score.

Affected versions

  • Vulnerable: BioNeMo branches/versions that do not include commit e5e58c8
  • Fixed: any BioNeMo branch that includes commit e5e58c8 (or a later release containing that patch)

Indicator-of-exposure

  • BioNeMo is present in runtime or build tooling.
  • Workflows deserialize external datasets/model artifacts/checkpoints.
  • Platform is reachable by untrusted users or shared tenant workloads.

Quick checks:

# Distribution names vary between BioNeMo sub-packages; match on the prefix, not an exact name.
python -m pip list 2>/dev/null | grep -i bionemo || true
# Ancestry check rather than a 200-commit window: exit 0 means the fix commit is reachable from HEAD
# (a non-zero exit also covers the case where the commit was never fetched into this clone).
git merge-base --is-ancestor e5e58c8 HEAD && echo "fix e5e58c8 present" || echo "fix e5e58c8 MISSING"
# Enumerate every deserialization entry point an imported artifact can reach.
rg -n "pickle|torch\.load|yaml\.load|joblib\.load|deserialize|bionemo" .

Remediation strategy

  • Move to a BioNeMo revision that includes e5e58c8 (or a release containing it).
  • Make every loading path reject or sandbox untrusted serialized content: prefer code-free formats (safetensors) for weights, load PyTorch checkpoints with `torch.load(..., weights_only=True)`, use `yaml.safe_load` rather than `yaml.load`, and gate any remaining pickle path behind a trusted-source allow-list with digest verification.
  • Restrict pipeline credentials and isolate the workers that handle imported artifacts, so that a successful deserialization exploit is confined to a low-privilege, short-lived process.
  • Rebuild and redeploy artifacts/images after patching; a patched source tree does nothing for containers built from the old revision.
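The loading-path control from the remediation list above (the same control the prompt's step 4 asks for), shown as an added example that is not BioNeMo's code and does not depend on it: a trusted-source allow-list with a SHA-256 gate in front of deserialization, plus a restricted unpickler that refuses any global outside a short allow-list even if the gate is bypassed. The artifact names, the registry dictionary and the sample blobs are constructed for the demonstration; in a real pipeline the registry would be populated from a reviewed manifest, and for PyTorch checkpoints `torch.load(..., weights_only=True)` plays the role of the restricted unpickler.

```python
"""Added example (not BioNeMo project code): validation gate + restricted
unpickler for artifact loading. All names and sample blobs are constructed."""
import hashlib
import io
import pickle
from collections import OrderedDict

# Globals a plain state-dict checkpoint legitimately needs. Anything else
# (os.system, subprocess.Popen, builtins.eval, ...) is refused outright.
SAFE_GLOBALS = {
    ("builtins", "dict"), ("builtins", "list"), ("builtins", "tuple"),
    ("builtins", "set"), ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Second line of defence: pickle cannot reach code we did not allow-list."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused global {module}.{name}")


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_artifact(data: bytes, name: str, trusted: dict) -> object:
    """First line of defence: the artifact must be registered in the
    (hypothetical) trusted registry AND match the reviewed digest byte for
    byte before a single pickle opcode is executed."""
    expected = trusted.get(name)
    if expected is None:
        raise PermissionError(f"{name}: not in trusted allow-list")
    if sha256_bytes(data) != expected:
        raise PermissionError(f"{name}: digest mismatch, refusing to deserialize")
    return RestrictedUnpickler(io.BytesIO(data)).load()


# --- constructed sample inputs -------------------------------------------

class Evil:
    """Pickles into a call of os.system: the classic CWE-502 payload shape."""

    def __reduce__(self):
        import os
        return (os.system, ("echo pwned",))


def make_benign_blob() -> bytes:
    # OrderedDict forces a GLOBAL opcode, so the allow-list is exercised.
    return pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2]), ("epoch", 3)]))


def make_malicious_blob() -> bytes:
    return pickle.dumps(Evil())


def run_demo() -> dict:
    """Returns the outcome of each scenario so the behaviour can be checked."""
    benign = make_benign_blob()
    evil = make_malicious_blob()
    # Hypothetical registry. "ckpt-poisoned" models an attacker who managed to
    # get a malicious blob registered: the digest gate passes, the unpickler
    # still refuses the os.system global.
    trusted = {"ckpt-ok": sha256_bytes(benign), "ckpt-poisoned": sha256_bytes(evil)}
    results = {"benign": load_artifact(benign, "ckpt-ok", trusted)}
    for label, blob, name in [("unlisted", benign, "ckpt-unknown"),
                              ("tampered", benign + b"\x00", "ckpt-ok"),
                              ("poisoned", evil, "ckpt-poisoned")]:
        try:
            load_artifact(blob, name, trusted)
            results[label] = "loaded"  # must never happen
        except (PermissionError, pickle.UnpicklingError) as exc:
            results[label] = type(exc).__name__
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:9s} -> {outcome}")
```

Two controls are deliberately stacked: the digest gate stops an unreviewed or modified blob before any parsing happens, and the restricted unpickler limits the blast radius if the registry itself is compromised. A `PermissionError` from the gate and an `UnpicklingError` from the unpickler are distinguishable on purpose, so detection rules can tell a mis-registered artifact apart from an actual exploitation attempt.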

The prompt

You are remediating CVE-2026-24164 (NVIDIA BioNeMo deserialization RCE).
Produce exactly one output:

1. A reviewer-ready PR with minimal safe remediation, or
2. TRIAGE.md if no safe patch path exists.

## Rules

- Scope only CVE-2026-24164.
- Prefer applying/consuming the upstream fix commit `e5e58c8`.
- Keep changes minimal and deterministic.
- Do not auto-merge.

## Steps

1. Locate BioNeMo dependency source (pip, git submodule, vendored source,
   container image).
2. Verify whether commit `e5e58c8` is already present.
3. If missing, update version/ref to include it and regenerate lockfiles/images.
4. Add one control where deserialization occurs:
   - trusted-source allow-list,
   - explicit validation gate,
   - or sandboxing/least-privilege execution note.
5. Run tests/build checks.
6. Output PR title:
   `fix(sec): remediate CVE-2026-24164 in nvidia bionemo`.

## Stop conditions

- Upstream patch cannot be consumed without unsafe major migration.
- BioNeMo is not present in this repository/runtime.
- Build/test failures are pre-existing and unrelated.

Verification — what the reviewer looks for

  • The dependency ref/release includes commit e5e58c8 or a later fixed release, and the PR shows how that was verified (ancestry check or release notes), not just a bumped version string.
  • No vulnerable BioNeMo revision remains in any lockfile, submodule pointer or container image tag.
  • The PR documents one concrete control for untrusted deserialization paths (allow-list, validation gate, or sandboxing) and names the code path it protects.

References