GHSA-478c-rj3v-9229CriticalCVSS 9.8

NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution...

Published
June 17, 2026
Last Modified
June 17, 2026

🔗 CVE IDs covered (1)

📋 Description

NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a reduce gadget to the inference API port to achieve remote code execution as the inference process.

🔗 References (6)