NVIDIA Spatial Intelligence Lab's (SIL) GEN3C contains an unauthenticated remote code execution vulnerability in the inference API server where the /request-inference and /seed-model endpoints deserialize raw HTTP request bodies using Python's pickle.loads() without authentication or input validation. Attackers can supply a crafted payload containing a reduce gadget to the inference API port to achieve remote code execution as the inference process.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53805.json",
"cwe_ids": [
"CWE-502"
],
"cna_assigner": "VulnCheck",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "db2ffe12ced12ddafcec5e0422ee46ce8520746b"
}
],
"source": "AFFECTED_FIELD"
}
]
}