Is NVIDIA KAI Scheduler affected by CVE-2026-24177?

CVE-2026-24177 is a high-severity authorization bypass in NVIDIA KAI Scheduler that allows authenticated users to access API endpoints and read sensitive data beyond their assigned permissions, potentially exposing confidential information across organizational security boundaries.

NVIDIA KAI Scheduler CVE-2026-24177

EUVD-2026-24147 HIGH

Missing Authentication for Critical Function (CWE-306)

2026-04-21 nvidia

GHSA-h643-x86r-86v6

Authentication Bypass Information Disclosure Nvidia

7.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Re-analysis Queued

Apr 21, 2026 - 17:22 vuln.today

cvss_changed

Analysis Generated

Apr 21, 2026 - 17:00 vuln.today

DescriptionNVD

NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure.

AnalysisAI

Authorization bypass in NVIDIA KAI Scheduler allows authenticated network attackers to access protected API endpoints and disclose sensitive information across security boundaries. The vulnerability (CWE-306: Missing Authentication for Critical Function) enables low-privileged authenticated users to read high-value data outside their intended scope (CVSS scope changed to 'C', high confidentiality impact). …

RemediationAI

Within 24 hours: Inventory all NVIDIA KAI Scheduler deployments and document current user privilege assignments; notify NVIDIA account team and retrieve advisory 5818 remediation guidance. Within 7 days: Implement network segmentation and API access controls per NVIDIA advisory 5818; apply any available configuration hardening recommendations. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-24177 vulnerability details – vuln.today

Back

NVIDIA KAI Scheduler CVE-2026-24177

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code