Skip to main content

NVIDIA Isaac Launchable EUVDEUVD-2026-31853

| CVE-2026-24212 HIGH
Cleartext Transmission of Sensitive Information (CWE-319)
2026-05-26 nvidia GHSA-c4g9-8mq7-gwr7
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 08:56 vuln.today
CVE Published
May 26, 2026 - 16:11 nvd
HIGH 7.5

DescriptionCVE.org

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

AnalysisAI

Cleartext transmission of sensitive information in NVIDIA Isaac Launchable for Linux (all versions prior to 1.2) exposes credentials or other sensitive data to attackers on the same adjacent network, potentially enabling downstream code execution, privilege escalation, information disclosure, and data tampering. The flaw carries a CVSS 7.5 (High) rating, but exploitation requires adjacent-network access and high attack complexity, and there is no public exploit identified at time of analysis. EPSS is 0.00% and the issue is not on the CISA KEV list.

Technical ContextAI

NVIDIA Isaac Launchable is the Linux-side launcher/companion component used to deploy and run NVIDIA Isaac robotics and simulation workloads. The root cause is CWE-319 (Cleartext Transmission of Sensitive Information): the component sends data - likely authentication tokens, session material, or workload configuration - over an unencrypted channel rather than using TLS or another encrypted transport. The affected CPE is cpe:2.3:a:nvidia:isaac_launchable:*:*:*:*:*:*:*:*, with all versions prior to 1.2 confirmed vulnerable per the ENISA EUVD record (EUVD-2026-31853). Because the data crosses the network in cleartext, any party able to observe traffic on the same Layer-2/adjacent segment (per CVSS AV:A) can capture and potentially replay or modify it, which is why NVIDIA enumerates impacts ranging from disclosure to RCE rather than disclosure alone.

RemediationAI

Upgrade NVIDIA Isaac Launchable for Linux to version 1.2 or later, which is the fixed release per NVIDIA's advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5830 and the EUVD record EUVD-2026-31853. If immediate upgrade is not possible, isolate Isaac Launchable hosts onto a dedicated, trusted management VLAN with no untrusted endpoints (BYOD, guest Wi-Fi, shared lab devices) on the same Layer-2 segment, since the CVSS AV:A vector requires adjacent-network presence; this neutralizes the most realistic sniffing path but constrains how the launcher can be reached from developer workstations. Where feasible, tunnel Isaac Launchable traffic over an IPsec or WireGuard overlay between known hosts, accepting the operational overhead of key management. Enable switch-level protections (DHCP snooping, dynamic ARP inspection, port security) to make ARP-spoofing-based MITM harder on shared segments. Monitor for unexpected ARP/NDP activity around Isaac hosts as a detective control. Do not rely on host-based firewalling alone, as it does not prevent passive sniffing on the same broadcast domain.

Share

EUVD-2026-31853 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy