Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    981 vulnerabilities

    CVE-2026-24270 (GCVE-0-2026-24270)

    Vulnerability from cvelistv5 – Published: 2026-07-01 15:12 – Updated: 2026-07-01 15:56
    VLAI
    Summary
    NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA AIStore framework Affected: 0 - 4.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:55:58.840378Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:56:06.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "AIStore framework",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0 - 4.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
                }
              ],
              "value": "NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-290",
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:12:00.415Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24270"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24270"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5849"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24270",
        "datePublished": "2026-07-01T15:12:00.415Z",
        "dateReserved": "2026-01-21T19:09:49.054Z",
        "dateUpdated": "2026-07-01T15:56:06.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24266 (GCVE-0-2026-24266)

    Vulnerability from cvelistv5 – Published: 2026-07-01 15:11 – Updated: 2026-07-01 15:55
    VLAI
    Summary
    NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Triton Inference Server Affected: 0.0 - 26.03
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:55:34.531343Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:55:42.553Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Triton Inference Server",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 26.03"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:11:30.422Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24266"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24266"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5848"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24266",
        "datePublished": "2026-07-01T15:11:30.422Z",
        "dateReserved": "2026-01-21T19:09:49.054Z",
        "dateUpdated": "2026-07-01T15:55:42.553Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24264 (GCVE-0-2026-24264)

    Vulnerability from cvelistv5 – Published: 2026-07-01 15:11 – Updated: 2026-07-01 15:55
    VLAI
    Summary
    NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Triton Inference Server Affected: 0.0 - 26.03
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:55:06.799523Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:55:16.556Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Triton Inference Server",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 26.03"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-409",
                  "description": "CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T15:11:08.653Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24264"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24264"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5848"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24264",
        "datePublished": "2026-07-01T15:11:08.653Z",
        "dateReserved": "2026-01-21T19:09:49.054Z",
        "dateUpdated": "2026-07-01T15:55:16.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24251 (GCVE-0-2026-24251)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:58 – Updated: 2026-07-01 15:54
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24251",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:54:41.899683Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:54:49.582Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:58:48.711Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24251"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24251"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24251",
        "datePublished": "2026-07-01T14:58:48.711Z",
        "dateReserved": "2026-01-21T19:09:48.283Z",
        "dateUpdated": "2026-07-01T15:54:49.582Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24250 (GCVE-0-2026-24250)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:58 – Updated: 2026-07-01 15:54
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:54:11.357141Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:54:21.738Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:58:22.971Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24250"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24250"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24250",
        "datePublished": "2026-07-01T14:58:22.971Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:54:21.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24249 (GCVE-0-2026-24249)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:57 – Updated: 2026-07-01 15:57
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24249",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:57:02.636671Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:57:54.343Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:57:40.156Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24249"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24249"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24249",
        "datePublished": "2026-07-01T14:57:40.156Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:57:54.343Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24248 (GCVE-0-2026-24248)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:57 – Updated: 2026-07-01 15:58
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24248",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:58:23.907367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:58:34.670Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:57:15.559Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24248"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24248"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24248",
        "datePublished": "2026-07-01T14:57:15.559Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:58:34.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24247 (GCVE-0-2026-24247)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:56 – Updated: 2026-07-01 15:59
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24247",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:58:58.738086Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:59:10.202Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:56:43.115Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24247"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24247"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24247",
        "datePublished": "2026-07-01T14:56:43.115Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:59:10.202Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24246 (GCVE-0-2026-24246)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:56 – Updated: 2026-07-01 15:59
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-470 - Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:59:33.583373Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:59:51.577Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-470",
                  "description": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:56:10.358Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24246"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24246"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24246",
        "datePublished": "2026-07-01T14:56:10.358Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:59:51.577Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24245 (GCVE-0-2026-24245)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:55 – Updated: 2026-07-01 15:56
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T15:56:28.421678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T15:56:36.525Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:55:42.442Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24245"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24245"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24245",
        "datePublished": "2026-07-01T14:55:42.442Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T15:56:36.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24244 (GCVE-0-2026-24244)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:53 – Updated: 2026-07-01 16:01
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:00:55.160505Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:01:05.581Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:53:08.726Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24244"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24244"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24244",
        "datePublished": "2026-07-01T14:53:08.726Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T16:01:05.581Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24243 (GCVE-0-2026-24243)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:49 – Updated: 2026-07-01 16:01
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:01:31.979105Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:01:43.479Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:49:30.711Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24243"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24243"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24243",
        "datePublished": "2026-07-01T14:49:30.711Z",
        "dateReserved": "2026-01-21T19:09:47.375Z",
        "dateUpdated": "2026-07-01T16:01:43.479Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24242 (GCVE-0-2026-24242)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:48 – Updated: 2026-07-01 16:02
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24242",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:02:02.255999Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:02:13.255Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:48:44.441Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24242"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24242"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24242",
        "datePublished": "2026-07-01T14:48:44.441Z",
        "dateReserved": "2026-01-21T19:09:47.374Z",
        "dateUpdated": "2026-07-01T16:02:13.255Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24240 (GCVE-0-2026-24240)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:43 – Updated: 2026-07-01 16:02
    VLAI
    Summary
    NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Megatron-Bridge Affected: Versions 0.0 to 0.4.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24240",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:02:32.403467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:02:40.142Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "Megatron-Bridge",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 0.4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:43:24.661Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24240"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24240"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24240",
        "datePublished": "2026-07-01T14:43:24.661Z",
        "dateReserved": "2026-01-21T19:09:37.973Z",
        "dateUpdated": "2026-07-01T16:02:40.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23351 (GCVE-0-2025-23351)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:39 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX-4 Affected: All versions prior to 28.4702
    Create a notification for this product.
    NVIDIA ConnectX-4 LX Affected: All versions prior to 32.1908
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:00.538625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:10.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(28)"
              ],
              "product": "ConnectX-4",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 28.4702"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "N/A(32)"
              ],
              "product": "ConnectX-4 LX",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 32.1908"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:39:03.200Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23351"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23351"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23351",
        "datePublished": "2026-07-01T14:39:03.200Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:10.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-23350 (GCVE-0-2025-23350)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:36 – Updated: 2026-07-01 16:03
    VLAI
    Summary
    NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA BlueField GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA BlueField LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA BlueField LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA BlueField LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    NVIDIA ConnectX GA Affected: All versions prior to 46.3008
    Create a notification for this product.
    NVIDIA ConnectX LTS22 Affected: All versions prior to 35.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS23 Affected: All versions prior to 39.8002
    Create a notification for this product.
    NVIDIA ConnectX LTS24 Affected: All versions prior to 43.8002
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-23350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T16:03:24.450922Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-01T16:03:30.696Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(46)",
                "BlueField-3(46)"
              ],
              "product": "BlueField GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(35)"
              ],
              "product": "BlueField LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(39)",
                "BlueField-3(39)"
              ],
              "product": "BlueField LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "BlueField-2(43)",
                "BlueField-3(43)"
              ],
              "product": "BlueField LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7",
                "ConnectX-8"
              ],
              "product": "ConnectX GA",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 46.3008"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-5*",
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS22",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 35.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS23",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 39.8002"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "ConnectX-6*",
                "ConnectX-6 DE",
                "ConnectX-6 DX",
                "ConnectX-6 LX",
                "ConnectX-7"
              ],
              "product": "ConnectX LTS24",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to 43.8002"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
                }
              ],
              "value": "NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:36:19.755Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23350"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-23350"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5699"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-23350",
        "datePublished": "2026-07-01T14:36:19.755Z",
        "dateReserved": "2025-01-14T01:07:21.737Z",
        "dateUpdated": "2026-07-01T16:03:30.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24260 (GCVE-0-2026-24260)

    Vulnerability from cvelistv5 – Published: 2026-07-01 14:34 – Updated: 2026-07-02 03:57
    VLAI
    Summary
    NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Container Toolkit Affected: All versions up to and including 1.19.0
    Create a notification for this product.
    NVIDIA GPU Operator Affected: All versions up to and including 26.3.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-01T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:57:33.130Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "Container Toolkit",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions up to and including 1.19.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux"
              ],
              "product": "GPU Operator",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions up to and including 26.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering."
                }
              ],
              "value": "NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-01T14:34:54.537Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24260"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24260"
            },
            {
              "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5850"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24260",
        "datePublished": "2026-07-01T14:34:54.537Z",
        "dateReserved": "2026-01-21T19:09:48.284Z",
        "dateUpdated": "2026-07-02T03:57:33.130Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24228 (GCVE-0-2026-24228)

    Vulnerability from cvelistv5 – Published: 2026-06-16 16:09 – Updated: 2026-06-17 03:55
    VLAI
    Summary
    NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NeMo Framework Affected: Versions 0.0 to 2.7.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24228",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T03:55:56.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "NeMo Framework",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 2.7.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T16:09:39.524Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24228"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24228"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5839"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24228",
        "datePublished": "2026-06-16T16:09:12.282Z",
        "dateReserved": "2026-01-21T19:09:36.965Z",
        "dateUpdated": "2026-06-17T03:55:56.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24155 (GCVE-0-2026-24155)

    Vulnerability from cvelistv5 – Published: 2026-06-16 16:08 – Updated: 2026-06-17 03:55
    VLAI
    Summary
    NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NeMo Framework Affected: Versions 0.0 to 2.7.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24155",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-16T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-17T03:55:57.755Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All platforms"
              ],
              "product": "NeMo Framework",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "Versions 0.0 to 2.7.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."
                }
              ],
              "value": "NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, escalation of privileges, information disclosure, data tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-16T16:08:40.609Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24155"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24155"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5839"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24155",
        "datePublished": "2026-06-16T16:08:40.609Z",
        "dateReserved": "2026-01-21T19:09:29.851Z",
        "dateUpdated": "2026-06-17T03:55:57.755Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24180 (GCVE-0-2026-24180)

    Vulnerability from cvelistv5 – Published: 2026-06-09 16:11 – Updated: 2026-06-09 23:39
    VLAI
    Summary
    NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA DALI Affected: 0.0 - 2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24180",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:26:24.398468Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:10.212Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "DALI",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
                }
              ],
              "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T23:39:14.072Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24180"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24180"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24180",
        "datePublished": "2026-06-09T16:11:40.309Z",
        "dateReserved": "2026-01-21T19:09:31.779Z",
        "dateUpdated": "2026-06-09T23:39:14.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24181 (GCVE-0-2026-24181)

    Vulnerability from cvelistv5 – Published: 2026-06-09 16:11 – Updated: 2026-06-09 23:45
    VLAI
    Summary
    NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA DALI Affected: 0.0 - 2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24181",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-09T18:25:44.888173Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-09T18:39:15.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "DALI",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 - 2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
                }
              ],
              "value": "NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-09T23:45:57.096Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24181"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24181"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5814"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24181",
        "datePublished": "2026-06-09T16:11:00.347Z",
        "dateReserved": "2026-01-21T19:09:32.731Z",
        "dateUpdated": "2026-06-09T23:45:57.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24237 (GCVE-0-2026-24237)

    Vulnerability from cvelistv5 – Published: 2026-06-02 16:49 – Updated: 2026-06-02 18:24
    VLAI
    Summary
    NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NVTabular Affected: 0.0 to 5dd11f4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24237",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T18:15:44.556470Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T18:24:35.257Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "NVTabular",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 to 5dd11f4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, information disclosure, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T16:49:48.157Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24237"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24237"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5851"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24237",
        "datePublished": "2026-06-02T16:49:48.157Z",
        "dateReserved": "2026-01-21T19:09:37.973Z",
        "dateUpdated": "2026-06-02T18:24:35.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24221 (GCVE-0-2026-24221)

    Vulnerability from cvelistv5 – Published: 2026-06-02 16:48 – Updated: 2026-06-02 18:24
    VLAI
    Summary
    NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA NVTabular Affected: 0.0 to 5dd11f4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T18:16:08.035555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T18:24:41.185Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "NVTabular",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.0 to 5dd11f4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure."
                }
              ],
              "value": "NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, information disclosure, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T16:48:58.868Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24221"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24221"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5851"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24221",
        "datePublished": "2026-06-02T16:48:58.868Z",
        "dateReserved": "2026-01-21T19:09:36.964Z",
        "dateUpdated": "2026-06-02T18:24:41.185Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33221 (GCVE-0-2025-33221)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:26 – Updated: 2026-05-27 15:36
    VLAI
    Summary
    NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.97(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 539.64(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33221",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:22:48.086550Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:35:34.507Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.09(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535 vGPU 16)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(Cloud Gaming)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions up to and including the March 2026 release)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.97(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535 vGPU 16)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "539.64(All versions prior to and including vGPU 16.13)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service."
                }
              ],
              "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:36:35.699Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33221"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-33221"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-33221",
        "datePublished": "2026-05-26T17:26:29.463Z",
        "dateReserved": "2025-04-15T18:51:06.915Z",
        "dateUpdated": "2026-05-27T15:36:35.699Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24201 (GCVE-0-2026-24201)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:25 – Updated: 2026-05-27 15:47
    VLAI
    Summary
    NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions up to and including the March 2026 release)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24201",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T18:31:33.843327Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-26T18:35:48.997Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Red Hat Enterprise Linux KVM",
                "VMware vSphere(Cloud Gaming)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions up to and including the March 2026 release)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.08(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R535 vGPU 16)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.94(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure."
                }
              ],
              "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data tampering, denial of service, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:47:19.731Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24201"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24201"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24201",
        "datePublished": "2026-05-26T17:25:24.217Z",
        "dateReserved": "2026-01-21T19:09:34.870Z",
        "dateUpdated": "2026-05-27T15:47:19.731Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24200 (GCVE-0-2026-24200)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:24 – Updated: 2026-05-27 15:46
    VLAI
    Summary
    NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA Virtual GPU Manager Affected: 595.58.02(All versions up to and including the March 2026 release)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 580.126.08(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24200",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:55:54.721Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Red Hat Enterprise Linux KVM",
                "VMware vSphere(Cloud Gaming)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.02(All versions up to and including the March 2026 release)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.08(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "XenServer",
                "VMware vSphere",
                "Red Hat Enterprise Linux KVM",
                "Ubuntu(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.94(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:46:42.305Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24200"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24200"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24200",
        "datePublished": "2026-05-26T17:24:48.456Z",
        "dateReserved": "2026-01-21T19:09:34.080Z",
        "dateUpdated": "2026-05-27T15:46:42.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24194 (GCVE-0-2026-24194)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:24 – Updated: 2026-05-27 15:41
    VLAI
    Summary
    NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-281 - Improper Preservation of Permissions
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 580.126.09(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 535.288.01(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.58.03(All versions up to and including the March 2026 release)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24194",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:56:05.890Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "580.126.09(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535 vGPU 16)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "535.288.01(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(Cloud Gaming)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.58.03(All versions up to and including the March 2026 release)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-281",
                  "description": "CWE-281 Improper Preservation of Permissions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:41:55.643Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24194"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24194"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24194",
        "datePublished": "2026-05-26T17:24:13.664Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:41:55.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24191 (GCVE-0-2026-24191)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:23 – Updated: 2026-05-27 15:40
    VLAI
    Summary
    NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
    Create a notification for this product.
    NVIDIA Guest driver Affected: 595.97(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    NVIDIA Guest driver Affected: 539.64(All versions prior to and including vGPU 16.13)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 595.94(All versions prior to and including vGPU 20.0)
    Create a notification for this product.
    NVIDIA Virtual GPU Manager Affected: 582.16(All versions prior to and including vGPU 19.4)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24191",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:56:04.708Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595 vGPU 20)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.97(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580 vGPU 19)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535 vGPU 16)"
              ],
              "product": "Guest driver",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "539.64(All versions prior to and including vGPU 16.13)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R595 vGPU 20)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "595.94(All versions prior to and including vGPU 20.0)"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Azure Local",
                "Windows Server(R580 vGPU 19)"
              ],
              "product": "Virtual GPU Manager",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "582.16(All versions prior to and including vGPU 19.4)"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:40:06.029Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24191"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24191"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24191",
        "datePublished": "2026-05-26T17:23:25.753Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:40:06.029Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24190 (GCVE-0-2026-24190)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:22 – Updated: 2026-05-27 15:39
    VLAI
    Summary
    NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 595.71.05
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 596.36
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24190",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:56:03.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 595.71.05"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R595)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 596.36"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:39:23.833Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24190"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24190"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24190",
        "datePublished": "2026-05-26T17:22:41.269Z",
        "dateReserved": "2026-01-21T19:09:32.733Z",
        "dateUpdated": "2026-05-27T15:39:23.833Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24193 (GCVE-0-2026-24193)

    Vulnerability from cvelistv5 – Published: 2026-05-26 17:21 – Updated: 2026-05-27 15:41
    VLAI
    Summary
    NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA GeForce Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 580.159.03
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 535.309.01
    Create a notification for this product.
    NVIDIA GeForce Affected: All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected.
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA NVIDIA RTX, Quadro, NVS Affected: All driver versions prior to 539.72
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 582.53
    Create a notification for this product.
    NVIDIA Tesla Affected: All driver versions prior to 539.72
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24193",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-26T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T03:56:00.847Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 580.159.03"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Linux(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 535.309.01"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "GeForce",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53 Only GPUs based on the NVIDIA Maxwell, Volta, and Pascal GPU architectures are affected."
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "NVIDIA RTX, Quadro, NVS",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R580)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 582.53"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows(R535)"
              ],
              "product": "Tesla",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "status": "affected",
                  "version": "All driver versions prior to 539.72"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
                }
              ],
              "value": "NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service, escalation of privileges, information disclosure, data tampering, code execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787 Out-of-bounds Write",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-27T15:41:19.055Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24193"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24193"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5821"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24193",
        "datePublished": "2026-05-26T17:21:42.334Z",
        "dateReserved": "2026-01-21T19:09:34.079Z",
        "dateUpdated": "2026-05-27T15:41:19.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }