NVIDIA NeMoClaw contains a vulnerability in the sandbox...
High severity
Unreviewed
Published
Apr 28, 2026
to the GitHub Advisory Database
•
Updated Apr 28, 2026
Description
Published by the National Vulnerability Database
Apr 28, 2026
Published to the GitHub Advisory Database
Apr 28, 2026
Last updated
Apr 28, 2026
NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure.
References