VDB
KO
MEDIUM 4.4

PYSEC-2026-685

Path Traversal in nemo-toolkit

Details

NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / nemo-toolkit
Introduced in: 0 Fixed in: 1.6.0
Fix pip install --upgrade 'nemo-toolkit>=1.6.0'

References