CVE-2026-24164 and CVE-2026-24165: About BioNeMo Framework (06 April 2026)

Preface: DNA models like DNABERT and Evo2 are Genomic Foundation Models (gLMs), which treat the four-letter DNA alphabet (A (Adenine), C (Cytosine), T (Thymine), and G (Guanine)) as a “language” to learn the fundamental rules, patterns, and “syntax” governing life.

Similar to how Large Language Models (LLMs) like GPT are pre-trained on vast amounts of text to understand English, these DNA models are pre-trained on billions to trillions of base pairs (nucleotides) from diverse species to understand the “grammar” of genomes, including the 98% that is non-coding.

Background: For a DNA repository, NVIDIA BioNeMo (the life sciences extension of NeMo) handles the heavy lifting of transforming raw genetic sequences into “usable intelligence”. It is used for more than just simple normalization; it provides a specialized pipeline for pre-training, fine-tuning, and analyzing genomic data.

Here is how the workflow typically functions for DNA data:

1. Data Preparation & Preprocessing

Instead of generic text normalization, BioNeMo uses specialized scripts to prepare genomic data (like the GRCh38 human genome) for AI.

• Chunking: Breaking long chromosomal sequences into manageable segments (e.g., 512 nucleotides).

• Tokenization: Converting DNA “letters” (A, C, G, T) into numerical tokens. Advanced models like DNABERT-2 use Byte Pair Encoding (BPE) to process sequences up to 5x more efficiently than older methods.

• Standardization: Organizing raw genomic data into structured formats like FASTA or CSV that the training framework can ingest.

2. Categorization & Functional Prediction – details not described here

3. Downstream Analysis – details not described here
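The preparation steps in step 1 (standardized FASTA input, chunking, tokenization) can be sketched as follows. This is an added example, not BioNeMo's code: it uses one token per nucleotide rather than BPE, and the token ids, the handling of `N` and padding, and all function names are assumptions. Input is parsed as plain text and any symbol outside the expected alphabet is rejected.

```python
# Added illustration, not BioNeMo code. Token ids and N/padding handling are assumptions.
CHUNK_LEN = 512                                   # example segment length from the text
VOCAB = {"<pad>": 0, "A": 1, "C": 2, "G": 3, "T": 4, "N": 5}   # hypothetical ids
ALPHABET = frozenset("ACGTN")


def parse_fasta(text):
    """Return {record_id: sequence} from FASTA text, joining wrapped lines."""
    records, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(">"):
            fields = line[1:].split()
            if not fields or fields[0] in records:
                raise ValueError(f"line {lineno}: missing or duplicate record id")
            current = fields[0]
            records[current] = []
        elif current is None:
            raise ValueError(f"line {lineno}: sequence data before any header")
        else:
            seq = line.upper()                    # fold soft-masked (lowercase) bases
            bad = set(seq) - ALPHABET
            if bad:
                raise ValueError(f"line {lineno}: invalid symbols {sorted(bad)}")
            records[current].append(seq)
    return {rid: "".join(parts) for rid, parts in records.items()}


def chunk(seq, size=CHUNK_LEN):
    """Split into non-overlapping segments; the last one may be shorter."""
    return [seq[i:i + size] for i in range(0, len(seq), size)]


def tokenize(segment, size=CHUNK_LEN):
    """Map each nucleotide to its id and right-pad to a fixed length."""
    return [VOCAB[b] for b in segment] + [VOCAB["<pad>"]] * (size - len(segment))


def prepare(text, size=CHUNK_LEN):
    """FASTA text -> list of (record_id, chunk_index, token_ids)."""
    return [(rid, i, tokenize(seg, size))
            for rid, seq in parse_fasta(text).items()
            for i, seg in enumerate(chunk(seq, size))]


# Constructed sample: one wrapped, soft-masked record and one short record.
SAMPLE = ">chrA demo\nACGTacgt\nNNAC\n>chrB\nGATTACA\n"
```

Calling `prepare(SAMPLE, size=8)` on the constructed sample yields three fixed-length token rows, two for `chrA` and one for `chrB`.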

Vulnerability details:

CVE-2026-24164 – NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

CVE-2026-24165 – NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5808
