Severity by source
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
TOCTOU in a local container runtime implies AV:L not AV:N; race timing gives AC:H, container access gives PR:L, and host escape justifies S:C with full C/I/A impact.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
Articles & Coverage 1
AnalysisAI
Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have low-level access consistent with running or controlling a GPU-enabled container that is processed by the NVIDIA Container Toolkit / GPU Operator (PR:L) and to win a narrow timing window (AC:H) by racing the toolkit's check-then-use sequence on a shared resource such as a path, symlink, or device node. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score is 8.5 (High) with vector AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H - the changed scope and full C/I/A impact reflect a container-to-host escape, while AC:H correctly captures that races are timing-dependent and not deterministically exploitable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who controls a workload scheduled onto a GPU node (for example a tenant in a multi-tenant AI cluster) crafts a container whose filesystem swaps a validated path for an attacker-controlled symlink at the precise moment the NVIDIA Container Toolkit performs a privileged mount or device injection. By repeatedly triggering container startup to win the timing window (AC:H), the attacker redirects the privileged operation to escape the container and execute code on the host with elevated privileges. … |
| Remediation | Patch available per vendor advisory - no exact fixed version was included in the input data, so obtain and apply the patched NVIDIA Container Toolkit and GPU Operator release specified in NVIDIA product-security advisory 5850 (https://github.com/NVIDIA/product-security/tree/main/2026/5850) and confirm the fixed version against the NVD entry (https://nvd.nist.gov/vuln/detail/CVE-2026-24260) before deploying; on Kubernetes, upgrade via the GPU Operator so all nodes receive the fixed toolkit consistently. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running NVIDIA Container Toolkit or GPU Operator; assess GPU-enabled workload exposure and privilege levels of container users. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41035
GHSA-4p6c-xj99-mxp8