Is Command Injection affected by CVE-2026-24154?

CVE-2026-24154 is a high-severity command injection vulnerability affecting NVIDIA Jetson Linux devices (Xavier, Orin, Thor series) that enables physical attackers to achieve root-level code execution during boot without authentication.

CVE-2026-24154

EUVD-2026-17514 HIGH

2026-03-31 nvidia

7.6

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 31, 2026 - 17:16 euvd

EUVD-2026-17514

Analysis Generated

Mar 31, 2026 - 17:16 vuln.today

CVE Published

Mar 31, 2026 - 16:23 nvd

HIGH 7.6

Description

NVIDIA Jetson Linux has vulnerability in initrd, where an unprivileged attacker with physical access coul inject incorrect command line arguments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, data tampering, and information disclosure.

Analysis

Command injection in NVIDIA Jetson Linux initrd allows physical attackers to execute arbitrary code with elevated privileges across Jetson Xavier, Orin, and Thor series devices. An attacker with physical access can inject malicious command-line arguments during boot without authentication (CVSS:3.1/AV:P/AC:L/PR:N), leading to complete system compromise including root-level code execution, denial of service, and data exfiltration. …

Remediation

Within 24 hours: Inventory all Jetson Xavier, Orin, and Thor series devices in production and identify physical access controls. Within 7 days: Implement physical security measures restricting device access, disable boot interruption capabilities where operationally feasible, and document Jetson Linux versions in use. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

CVE-2026-24154 vulnerability details – vuln.today

Back

CVE-2026-24154

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-24154

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code