Skip to main content

NVIDIA Container Toolkit EUVDEUVD-2026-41035

| CVE-2026-24260 HIGH
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-07-01 nvidia GHSA-4p6c-xj99-mxp8
8.5
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
8.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

TOCTOU in a local container runtime implies AV:L not AV:N; race timing gives AC:H, container access gives PR:L, and host escape justifies S:C with full C/I/A impact.

3.1 AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 15:53 vuln.today
CVE Published
Jul 01, 2026 - 14:34 cve.org
HIGH 8.5

DescriptionCVE.org

NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.

AnalysisAI

Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain control of a GPU container workload
Delivery
Stage symlink/path swap on shared resource
Exploit
Race toolkit's check-then-use window
Execution
Redirect privileged mount/device operation
Impact
Execute code on host, escalate privileges

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have low-level access consistent with running or controlling a GPU-enabled container that is processed by the NVIDIA Container Toolkit / GPU Operator (PR:L) and to win a narrow timing window (AC:H) by racing the toolkit's check-then-use sequence on a shared resource such as a path, symlink, or device node. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score is 8.5 (High) with vector AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H - the changed scope and full C/I/A impact reflect a container-to-host escape, while AC:H correctly captures that races are timing-dependent and not deterministically exploitable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls a workload scheduled onto a GPU node (for example a tenant in a multi-tenant AI cluster) crafts a container whose filesystem swaps a validated path for an attacker-controlled symlink at the precise moment the NVIDIA Container Toolkit performs a privileged mount or device injection. By repeatedly triggering container startup to win the timing window (AC:H), the attacker redirects the privileged operation to escape the container and execute code on the host with elevated privileges. …
Remediation Patch available per vendor advisory - no exact fixed version was included in the input data, so obtain and apply the patched NVIDIA Container Toolkit and GPU Operator release specified in NVIDIA product-security advisory 5850 (https://github.com/NVIDIA/product-security/tree/main/2026/5850) and confirm the fixed version against the NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2026-24260) before deploying; on Kubernetes, upgrade via the GPU Operator so all nodes receive the fixed toolkit consistently. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running NVIDIA Container Toolkit or GPU Operator; assess GPU-enabled workload exposure and privilege levels of container users. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41035 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy