External risk intelligence

NVIDIA GEN3C Inference API Unauthenticated Remote Code Execution via Pickle Deserialization.

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-53805

NVIDIA SIL's GEN3C inference API server has a critical vulnerability allowing unauthenticated remote code execution. Attackers can send crafted HTTP requests to specific endpoints, exploiting insecure deserialization to run arbitrary code as the inference process. It's important to identify if this technology is in use

Deserialization

Halo Surface Signal

Very likely · external exposure

5Halo Surface Signal

The vulnerability resides in an inference API server, which is a public-facing component by design. Because it lacks authentication and exposes model endpoints directly to the network, it is intended for reachability and interaction, making it highly likely to be internet-exposed in typical deployment scenarios.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical vulnerability in NVIDIA's GEN3C technology affecting its inference API server. An unauthenticated attacker can exploit this by sending a specially crafted request to specific endpoints, potentially leading to remote code execution on the server. The main concern is confirming if this technology is in use and if it's exposed to external networks.

  • Unauthenticated code execution in NVIDIA inference servers.
  • Critical vulnerability could allow attackers remote control.
  • Confirm relevance and exposure of NVIDIA inference technology.

Attack Path

How an attacker could exploit the issue

Attackers can reach an NVIDIA SIL GEN3C inference API server over the network and send specially crafted HTTP requests to trigger a deserialization vulnerability. This vulnerability, located in the `/request-inference` and `/seed-model` endpoints, can lead to remote code execution on the server, allowing an attacker to control the inference process.

  • Unauthenticated network access required.
  • Deserializing untrusted HTTP request bodies.
  • Remote code execution on the inference server.

Live Threat

Current exploitation, exposure, and threat context

The inference API server in NVIDIA SIL's GEN3C, when exposed to the network and without authentication, could allow attackers to execute arbitrary code by sending specially crafted data to its `/request-inference` or `/seed-model` endpoints. This occurs because the server deserializes raw HTTP request bodies using Python's pickle.loads() without proper validation. The affected system could be compromised, leading to unauthorized code execution as the inference process.

  • System code execution.
  • Unauthenticated network requests.
  • Compromise of inference process.

Operational Fix

Recommended remediation, mitigation, and detection steps

The NVIDIA SIL GEN3C inference API server is susceptible to unauthenticated remote code execution due to insecure deserialization. Real-world responsibility likely falls to the platform or infrastructure teams managing the SIL deployment, in coordination with security teams for exposure assessment and vendor management if the GEN3C is a third-party component. The first practical step is to identify all instances of GEN3C, determine their network reachability and business criticality, and then plan remediation based on risk, potentially involving vendor engagement for a confirmed fix.

  • Platform/Infrastructure owns the vulnerability.
  • Verify network exposure and business criticality.
  • Plan remediation based on risk and vendor advice.

Supplementary metadata

PCI scan relevance

Yes

CVE-2026-53805 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in NVIDIA SIL's GEN3C allows unauthenticated remote code execution, which is a severe security flaw that would likely cause a PCI ASV scan to fail.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Free EASM Trial See How Signal Works

Frequently asked questions

What is NVIDIA GEN3C and what is it used for?

NVIDIA Spatial Intelligence Lab's GEN3C is a technology designed for spatial intelligence tasks. It features an inference API server that enables users to perform model inference and seeding. In practice, developers or data scientists use this server to interact with machine learning models by sending data to its endpoints, making it a functional component in environments handling automated spatial data processing or model deployment.

What does deserialization vulnerability mean for CVE-2026-53805?

This CVE involves a weakness known as insecure deserialization (CWE-502). The software uses a tool called pickle to process incoming data without checking if it is safe. Because the system blindly trusts and executes this data, an attacker can hide malicious commands inside a request. When the server processes these requests, it inadvertently runs that hidden code, effectively giving the attacker control over the server process.

How do attackers trigger this remote code execution?

An attacker triggers the vulnerability by sending a specially crafted HTTP request to the /request-inference or /seed-model endpoints. Because the service does not require authentication, anyone with network access to these ports can send the malicious data. Simply browsing the server or sending standard, non-malicious data will not trigger the vulnerability; it requires the specific, crafted payload designed to exploit the pickle deserialization process.

Is my system at risk if I use NVIDIA GEN3C?

Halo Surface Signal indicates that because the inference API is designed to be accessible for interaction, it is highly likely to be internet-exposed in many deployments. If your GEN3C instance is reachable from the internet or an untrusted network without additional security controls, it is at higher risk. You should determine if your specific deployment allows connections from outside your local network, as that significantly increases the potential for unauthorized access.

What are the first steps for securing this software?

Begin by auditing your infrastructure to locate all active instances of the GEN3C inference server. Once identified, evaluate whether these services are reachable from the network and assess their business importance. Coordinate with your platform or infrastructure team to restrict access to these endpoints immediately while you work to apply necessary security updates or implement compensating controls to block untrusted traffic from reaching the API.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished