CVE-2026-24222

Name of the Vulnerable Software and Affected Versions NVIDIA NeMoClaw (affected versions not specified)

Description A flaw in the sandbox environment initialization component allows a remote attacker to cause improper access control. By sending prompt-injected content, an attacker can force the agent to read and exfiltrate host environment variables that were not properly restricted during the creation of the sandbox. This can lead to information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.