CVE-2026-24231

Name of the Vulnerable Software and Affected Versions NVIDIA NemoClaw (affected versions not specified)

Description A flaw exists in the validateEndpointUrl() SSRF protection component. An attacker can trigger a server-side request forgery (SSRF)—a flaw that allows a server to be coerced into making unintended requests—by providing a crafted endpoint URL that references the 0.0.0.0/8 address range via a blueprint configuration file or CLI flag. This may result in information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.