Preface: While NVIDIA has not “dropped” support for the core OpenClaw framework, in some specific cases they have moved away from its standard form.

Background: Because NemoClaw “bakes” certain variables into the sandbox configuration during onboarding, if they are not correctly scoped or sanitized, they remain accessible to the agent process even though it should be isolated.

As a result, this allows an attacker to exfiltrate critical secrets (like the NVIDIA_API_KEY or TELEGRAM_BOT_TOKEN mentioned) through the agent’s existing communication channels.

To address the vulnerability identified in CVE-2026-24222 (and the related SSRF risk in CVE-2026-24231), admin should use the following CLI flags during sandbox creation or update. These flags, introduced in NemoClaw v0.0.18, are designed to strictly control which host environment variables are “baked” into the sandbox environment.

For details, see attached diagram.

Vulnerability details:

CVE-2026-2422 NVIDIA NemoClaw contains a vulnerability in the sandbox environment initialization component where a remote attacker may cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability may lead to information disclosure.

CVE-2026-24231 NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component where an attacker may cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0[.]0[.]0[.]0/8 address range via a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5837

Recommended Action:
NVIDIA has released a software update for NVIDIA NemoClaw to address this issue. Users should update to version v0.0.18 or later immediately, as the privilege escalation fixes are critical.

Preface: NVIDIA FLARE allows research and data scientists to adapt existing ML/DL workflow to federated learning paradigm.

Background: A critical Insecure Direct Object Reference (IDOR) vulnerability was identified in the NVIDIA NVFlare Dashboard (CVE-2026-24178). In federated learning environments—where privacy is paramount (e.g., HIPAA-compliant medical research)—this flaw allowed unauthorized users to bypass access controls and interact with data belonging to other participants.

The Dashboard’s RESTful API previously relied on user-supplied identifiers (such as job_id or user_id) to retrieve records. While the system verified that a user was logged in (Authentication), it failed to verify if that user actually owned or was authorized to access the specific record requested (Authorization). This allowed an attacker to simply change a numeric ID in an API request to view, modify, or delete sensitive information outside their scope.

Vulnerability details: NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service.

Remediation: The Patch
The vulnerability is fully addressed in NVIDIA FLARE SDK v2.7.2. The fix implements Attribute-Based Access Control (ABAC) by:

• Decoupling Trust: The backend no longer trusts the ID provided in the request URL/body as the sole source of authority.
• Enforcing Ownership: Every database query now automatically injects an owner_id or org_id filter derived from a secure, server-side session.
• Silent Rejection: Unauthorized requests now correctly return a 403 Forbidden error, ensuring data isolation between collaborating parties.

Official announcement: Please refer to the link for details –

https://nvidia.custhelp.com/app/answers/detail/a_id/5819

Preface: Self-service AI is a technology that uses AI techniques (such as chatbots, natural language processing (NLP), and machine learning) to enable customers to solve problems or find information themselves anytime, anywhere, without interacting with human customer service. It acts as a digital agent, providing instant assistance through channels such as websites, instant messaging applications, and voice systems.

Background: In the context of Amazon Content Designer, the result of using static-eval depends entirely on the AST (Abstract Syntax Tree) generated from your string and the Context (variables) you provide. The primary goal of static-eval is to return a plain JavaScript value without using the dangerous eval() function.

An Abstract Syntax Tree (AST) in the context of static evaluation (static-eval) is a hierarchical, tree-structured representation of source code that captures its logical and structural meaning without requiring the code to be executed.

In static analysis, the code is parsed into this tree format, allowing tools to traverse, analyze, and manipulate the structure to find potential bugs, security vulnerabilities, or styling issues before runtime.

Vulnerability details: Improper use of the static-eval npm package in the open source solution qnabot-on-aws versions 7.2.4 and earlier may allow an authenticated administrator to execute arbitrary code within the fulfillment Lambda execution context by injecting a crafted conditional chaining expression via the Content Designer interface, which bypasses the intended expression sandbox through JavaScript prototype manipulation. This may grant direct access to backend resources (Lambda environment variables, OpenSearch indices, S3 objects, DynamoDB tables) that are not exposed through normal administrative interfaces. We recommend you upgrade to version 7.3.0 or above.

Official announcement: Please refer to link for details –

https://nvd.nist.gov/vuln/detail/CVE-2026-7191