Skip to main content

Nvidia

919 CVEs vendor

Monthly

CVE-2026-24272 HIGH This Week

Code execution in NVIDIA TensorRT is possible when the SDK processes a maliciously crafted input that overflows a heap-based buffer (CWE-122), corrupting adjacent heap memory. The flaw affects the TensorRT deep-learning inference library and requires a local user to load attacker-supplied content, per the AV:L/UI:R CVSS vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation yields full loss of confidentiality, integrity, and availability (C:H/I:H/A:H) in the context of the process running the inference job.

Heap Overflow Buffer Overflow Nvidia RCE Tensorrt
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24268 HIGH This Week

Local code execution in NVIDIA TensorRT is possible when the library parses an attacker-supplied input (such as a crafted model/engine file), triggering a heap-based buffer overflow (CWE-122) that can corrupt memory and lead to arbitrary code execution in the context of the process using TensorRT. The CVSS 3.1 vector (AV:L/UI:R) indicates the attacker needs local access and must induce a user or application to load malicious content, and there is no public exploit identified at time of analysis. TensorRT is NVIDIA's deep-learning inference SDK, so the affected population is developers, MLOps pipelines, and inference servers that load third-party or untrusted models.

Heap Overflow Buffer Overflow Nvidia RCE Tensorrt
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24238 HIGH This Week

Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but with high confidentiality, integrity, and availability impact this is a meaningful priority for AI/ML inference environments.

Nvidia RCE Tensorrt
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24227 MEDIUM This Month

NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution.

Nvidia RCE Deserialization Tensorrt
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2026-24271 MEDIUM This Month

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-47475 MEDIUM This Month

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-47470 MEDIUM This Month

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-24226 MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Nvidia RCE Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-24259 MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Authentication Bypass Nvidia RCE Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2026-24220 MEDIUM This Month

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.

Nvidia RCE Deserialization Tensorrt Llm
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2026-24234 MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.

Nvidia SSRF Denial Of Service Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-24229 HIGH This Week

Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.

Authentication Bypass Nvidia Denial Of Service Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-47473 HIGH This Week

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure Tensorrt Llm
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2026-47471 HIGH This Week

Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; NVIDIA rates exploitation as high-complexity (AC:H).

Nvidia Denial Of Service Heap Overflow Information Disclosure Deserialization +2
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-47472 HIGH This Week

Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure Deserialization RCE +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24233 HIGH This Week

Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the restricted unpickler that handles model-weight loading, potentially achieving code execution, privilege escalation, data tampering, and information disclosure. The flaw (CWE-502, CVSS 8.4) affects the GPU LLM-inference library and stems from the restricted unpickler failing to fully constrain what can be deserialized from an untrusted model artifact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Nvidia RCE Deserialization Tensorrt Llm
NVD
CVSS 3.1
8.4
EPSS
0.3%
CVE-2026-47482 HIGH This Week

Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host memory by triggering a memory leak (CWE-401, missing release of memory after effective lifetime), degrading or crashing the inference service. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, A:H) indicates trivial network-reachable exploitation with no authentication and high availability impact, but no confidentiality or integrity exposure. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-47481 MEDIUM This Month

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Nvidia Authentication Bypass RCE Information Disclosure Triton Inference Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-47480 HIGH This Week

Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the service by triggering an uncaught exception (CWE-248), taking the model-serving endpoint offline. The flaw carries CVSS 7.5 with a pure availability impact (C:N/I:N/A:H) and no public exploit identified at time of analysis; it was reported by NVIDIA itself. No confidentiality or integrity compromise is involved — the sole consequence is loss of inference availability.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-47479 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resources (CWE-400 uncontrolled resource consumption) and render the AI/ML inference endpoint unavailable, with no impact to confidentiality or integrity. The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), reflecting network-reachable, low-complexity, no-privilege exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided in the input.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-47478 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt availability by triggering use of an expired (stale) file descriptor. The flaw impacts availability only (no data exposure or code execution) and, per CVSS PR:N/UI:N, requires no authentication or user interaction. There is no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; no EPSS score was provided in the input.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-47477 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachable by remote, unauthenticated attackers over the network. Per the CVSS 3.1 vector, exploitation requires no privileges or user interaction and impacts only availability (A:H), with no confidentiality or integrity effect. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV; no EPSS score was provided in the input.

Buffer Overflow Stack Overflow Denial Of Service Nvidia Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-47476 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to trigger uncontrolled resource consumption, exhausting server resources and rendering the model-serving endpoint unavailable. The flaw carries a CVSS 7.5 with a pure availability impact and no confidentiality or integrity effect; it was reported by NVIDIA, and there is no public exploit identified at time of analysis. No special access is required, but the concrete resource-exhaustion trigger is not detailed in the available data.

Nvidia Denial Of Service Triton Inference Server
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-62239 MEDIUM POC PATCH This Month

Arbitrary file write via symlink attack in FlashAttention's build toolchain (through 2.8.3.post1) allows a local low-privileged attacker to redirect NVIDIA archive extraction to attacker-controlled paths by pre-planting a symlink in the predictable cache directory before a victim initiates a build. The hopper/setup.py download_and_copy() function called tarfile.extractall() without symlink validation or path confinement, meaning extracted NVIDIA toolchain binaries could be written anywhere accessible to the victim's process. No active exploitation is confirmed in CISA KEV, but a publicly available proof-of-concept exists at GitHub issue #2637 and a vendor patch is available in commit 0816ef1.

Nvidia Information Disclosure Flash Attention
NVD GitHub
CVSS 4.0
5.3
EPSS
0.1%
CVE-2026-24270 CRITICAL Act Now

Authentication bypass in NVIDIA AIStore, a scalable distributed object-storage framework for AI/ML data pipelines, lets a remote attacker circumvent access controls (CWE-290) and reach protected functionality without valid credentials. Because the flaw yields full confidentiality, integrity, and availability impact (CVSS 9.8), successful exploitation can enable information disclosure of stored datasets, tampering with training data, privilege escalation, and denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass Nvidia Denial Of Service Information Disclosure Aistore Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2026-24266 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux (versions through 26.03) allows a remote attacker to crash the service by triggering a use-after-free (CWE-416) condition, per the NVIDIA product-security advisory. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/A:H) indicates network-reachable, unauthenticated exploitation with high availability impact but no confidentiality or integrity effect. No public exploit identified at time of analysis, and CISA SSVC rates exploitation status as 'none' with an EPSS of 0.54% (41st percentile), consistent with no observed activity.

Memory Corruption Nvidia Denial Of Service Use After Free Triton Inference Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2026-24264 HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server resources by submitting highly compressed (data-amplification / decompression-bomb) input that the server improperly handles during decompression. The flaw (CWE-409) affects the Linux distribution of Triton and carries a CVSS 7.5 (availability-only impact); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is limited to availability - no confidentiality or integrity loss.

Nvidia Denial Of Service Triton Inference Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2026-24251 HIGH This Week

Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamically managed code resources, rooted in an insecure deserialization flaw (CWE-502). A low-privileged local user who can influence the data or model artifacts Megatron Bridge loads can achieve arbitrary code execution, escalate privileges, tamper with data, and disclose information. NVIDIA self-reported the issue with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24250 HIGH This Week

Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of attacker-controlled input (CWE-502), allowing a low-privileged local user to achieve arbitrary code execution, tamper with data, and disclose information. NVIDIA reported the flaw with no public exploit identified at time of analysis, and it is not listed in CISA KEV; no EPSS score was provided. Megatron Bridge is an ML/LLM training framework, so impact centers on shared GPU/training hosts rather than internet-facing services.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24249 HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 (High) rating with full C/I/A impact makes it a meaningful risk on shared or multi-tenant ML infrastructure.

Deserialization Code Injection Nvidia RCE Information Disclosure +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24248 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), allowing an attacker who convinces a user to process a malicious artifact to run code in the context of the training/inference workload. Successful exploitation can escalate privileges, tamper with data, and disclose information. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 3.1 vector (AV:L/UI:R) indicates local access with user interaction is required.

Code Injection Nvidia Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24247 HIGH This Week

Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialized object achieve code execution, privilege escalation, data tampering, and information disclosure when a local user loads that data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the attack is local and hinges on the victim opening attacker-controlled content, with no public exploit identified at time of analysis. Megatron Bridge is a specialized NVIDIA library for bridging large-language-model training frameworks, so exposure is concentrated in ML/AI training and research environments rather than general enterprise fleets.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24246 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Nvidia Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24245 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-502), allowing an attacker who tricks a user into loading a crafted serialized object to execute code, escalate privileges, tamper with data, and disclose information. The flaw affects the Megatron Bridge model-conversion/training tooling and is locally exploitable but hinges on victim interaction (UI:R). No public exploit code has been identified and the issue is not in CISA KEV, so there is currently no evidence of active exploitation.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24244 HIGH This Week

Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization of untrusted data, allowing a local attacker who convinces a user to load a malicious serialized object to run code, tamper with data, and disclose information. NVIDIA (the reporting vendor) rates it 7.8 (High); the CVSS vector requires local access and user interaction, so exploitation is not remote-unauthenticated. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24243 HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserialization of untrusted data (CWE-502), where an attacker supplies a crafted serialized object — typically a malicious model checkpoint or configuration artifact — that a user loads locally, yielding code execution, privilege escalation, data tampering, and information disclosure. The CVSS 3.1 base score is 7.8 (High) with a local vector requiring user interaction (AV:L/UI:R) and no attacker privileges. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24242 HIGH This Week

Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing attacker-controlled requests, potentially leading to disclosure of sensitive information. The flaw (CWE-918) was reported by NVIDIA itself and carries a vendor CVSS 3.1 score of 7.8; notably the vector is scored as local with required user interaction (AV:L/UI:R) rather than a classic remote SSRF, which security teams should reconcile against the SSRF classification. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia SSRF Information Disclosure Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24240 HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, privilege escalation, data tampering, and information disclosure when a user loads attacker-controlled data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) indicates a local attack requiring the victim to open or process a malicious artifact — consistent with unsafe deserialization of a model checkpoint, config, or serialized object. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.

Nvidia Deserialization Information Disclosure RCE Megatron Bridge
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-23351 CRITICAL Act Now

Out-of-bounds write in the command interface of NVIDIA ConnectX SmartNICs and BlueField DPUs allows a local user holding virtual function (VF) access - typically a tenant inside a guest VM - to corrupt device memory via crafted input and potentially achieve arbitrary code execution on the network device itself. Because the CVSS scope is Changed (S:C), a successful exploit crosses the VF isolation boundary and threatens the host and other tenants, making this a serious multi-tenant/cloud isolation-breakout risk. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Nvidia Buffer Overflow RCE Bluefield Ga +9
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2025-23350 CRITICAL Act Now

Out-of-bounds write in the command interface of NVIDIA ConnectX network adapters and BlueField DPUs allows a local user holding an assigned virtual function (VF) to corrupt device memory via crafted input, potentially achieving arbitrary code execution on the device itself. Because the flaw sits at the firmware command interface reachable from a SR-IOV guest, a successful exploit crosses the guest/device trust boundary (CVSS scope-changed, base 9.0) and can compromise the host that owns the adapter. This is a vendor-reported issue with no public exploit identified at time of analysis and no CISA KEV listing.

Memory Corruption Nvidia Buffer Overflow RCE Bluefield Ga +7
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2026-24260 HIGH This Week

Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; NVIDIA is the reporting source via its product-security advisory 5850.

Nvidia RCE Container Toolkit Gpu Operator Red Hat +1
NVD GitHub
CVSS 3.1
8.5
EPSS
0.5%
CVE-2026-55447 PyPI CRITICAL PATCH GHSA Act Now

Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses BaseFileComponent-derived nodes (Read File, Docling, Docling Serve, NVIDIA Retriever Extraction, Video File, Unstructured API). An attacker who can submit a TAR archive containing symlinks - for example through a RAG ingestion pipeline that accepts user documents - causes the server to follow those links and ingest arbitrary host files such as Langflow's JWT secret_key, which can then be used to forge admin tokens and execute Python via the Code Interpreter node. Publicly available exploit code exists (researcher-published PoC archive and demo video); not listed in CISA KEV.

Nvidia Python RCE
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.3%
CVE-2026-53805 CRITICAL PATCH Act Now

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path.

Nvidia Deserialization Python RCE Gen3C
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2026-24228 HIGH This Week

Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure RCE Nemo Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24155 HIGH This Week

Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Code Injection Information Disclosure RCE Nemo Framework
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-24180 HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE Information Disclosure Buffer Overflow +1
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24181 HIGH This Week

Local code execution and data tampering in NVIDIA DALI (Data Loading Library) is possible when a low-privileged user is tricked into processing attacker-controlled input through a component that performs improper index validation (CWE-129). The CVSS 7.3 vector (AV:L/AC:L/PR:L/UI:R) indicates local access, low privileges, and user interaction are required, with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Nvidia RCE
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-24237 HIGH This Week

Local code execution in NVIDIA NVTabular allows a low-privileged attacker to abuse insecure deserialization of untrusted data, potentially leading to arbitrary code execution, data tampering, and information disclosure on the host running the library. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all marked High, and currently no public exploit identified at time of analysis. NVTabular is a tabular feature-engineering library used in recommender-system pipelines, so the practical blast radius is data-science workstations and ML training nodes.

Nvidia RCE Deserialization Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24221 HIGH This Week

Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Nvidia RCE Deserialization Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-46017 MEDIUM PATCH This Month

Race condition in the Linux kernel memory management subsystem during large-folio migration can cause kernel availability disruption on SMP/NUMA systems. The flaw in migrate_folio_move() causes a destination folio to become visible to concurrent rmap-removal paths before being requeued onto the deferred split queue, triggering a kernel WARN in deferred_split_folio() or silently losing a folio from split_queue when the shrinker races the migration lock. With no public exploit, no CISA KEV listing, and an EPSS of 0.02%, this is a low real-world risk issue primarily relevant to HPC, virtualization, and database workloads with heavy NUMA migration activity.

Nvidia Race Condition Linux Information Disclosure Red Hat +1
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-33221 MEDIUM PATCH This Month

Incorrect permission assignment in the NVIDIA Display Driver kernel module on Windows and Linux allows a highly privileged local user to corrupt critical resource permissions, leading to denial of service and potentially data tampering. Affected product lines span GeForce (limited to Maxwell, Volta, and Pascal architectures on some branches), RTX/Quadro/NVS, Tesla, and Guest (vGPU) drivers across multiple version branches. No public exploit exists and no active exploitation has been identified; SSVC assessment rates exploitation as none and impact as partial, consistent with the moderate CVSS score of 4.4.

Denial Of Service Nvidia Microsoft Linux
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-24201 MEDIUM This Month

Out-of-bounds write in NVIDIA Virtual GPU Manager exposes virtualized GPU deployments to denial of service, data tampering, and information disclosure. A local, low-privileged attacker operating within a virtualized environment can trigger the memory corruption flaw in the host-side vGPU manager component across multiple affected driver branches (vGPU 16.x through 20.x). No public exploit code exists at time of analysis, and EPSS probability is at the 2nd percentile, but the high availability impact (A:H in CVSS) and the prevalence of vGPU in enterprise virtualization infrastructure warrant prompt patching.

Nvidia Memory Corruption Information Disclosure Buffer Overflow Denial Of Service +1
NVD VulDB
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-24200 HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +2
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-24194 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux Information Disclosure Denial Of Service
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24191 HIGH This Week

Local privilege escalation in NVIDIA Display Driver for Windows (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest/manager components) stems from a time-of-check time-of-use (TOCTOU) race condition that can be abused by a low-privileged local user. Successful exploitation may yield code execution, privilege escalation, denial of service, information disclosure, or data tampering with scope change beyond the driver's security boundary. No public exploit identified at time of analysis; EPSS is 0.01% and SSVC exploitation status is 'none', so the practical risk is contingent on local access and winning a high-complexity race.

Nvidia RCE Information Disclosure Microsoft Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24190 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Windows and Linux allows authenticated low-privilege users to improperly access GPU resources via a kernel mode layer flaw, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service. The issue affects GeForce, RTX/Quadro/NVS, and Tesla product lines across multiple driver branches and carries a CVSS 7.8 (High) score. No public exploit identified at time of analysis, and EPSS probability is very low (0.01%), but the breadth of affected hardware and total technical impact warrant prompt patching.

Nvidia RCE Linux Information Disclosure Microsoft +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24193 HIGH PATCH This Week

Local privilege escalation in the NVIDIA Display Driver for Windows and Linux allows an authenticated low-privileged user to trigger an out-of-bounds write (CWE-787) in the kernel-mode driver, potentially leading to code execution, privilege escalation, information disclosure, data tampering, or denial of service. The flaw affects GeForce, RTX/Quadro/NVS, and Tesla product lines, with NVIDIA confirming the vulnerability and releasing patched driver versions. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.01%.

Nvidia Memory Corruption RCE Information Disclosure Microsoft +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24196 HIGH PATCH This Week

Out-of-bounds read in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest drivers) allows a locally authenticated user to trigger denial of service and information disclosure. The flaw carries a CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L), and per CISA SSVC there is no public exploit identified at time of analysis (Exploitation: none), with EPSS at 0.01% indicating negligible near-term exploitation likelihood. NVIDIA has published fixed driver versions across all affected branches in advisory ID 5821.

Denial Of Service Information Disclosure Nvidia Buffer Overflow
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-24197 MEDIUM PATCH This Month

NVIDIA Display Driver for Linux exposes a denial-of-service condition in the Multi-Instance GPU (MIG) partition management subsystem, rooted in insecure default initialization of memory subsystem routing resources (CWE-1188). A local authenticated user - with low privileges on a Linux system running MIG-enabled Tesla, GeForce, RTX/Quadro/NVS, or Virtual GPU Manager driver branches - can trigger a hang or data corruption during partition reconfiguration, potentially disrupting all GPU workloads sharing the affected physical GPU. No public exploit code exists and this vulnerability is not in CISA KEV; EPSS sits at 0.01% (2nd percentile), indicating no observed mass exploitation at time of analysis.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24199 MEDIUM PATCH This Month

Race condition exploitation in NVIDIA Display Driver's Linux kernel module allows a local authenticated user to cause denial of service by manipulating compiler or processor memory instruction ordering. Affected product lines span GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest Driver across multiple driver branches up to the March 2026 release. No active exploitation has been confirmed - this is not listed in CISA KEV, EPSS is 0.01% (1st percentile), and SSVC assessment classifies exploitation status as none - placing this firmly in a patch-and-monitor category rather than emergency response.

Denial Of Service Nvidia Race Condition Linux Geforce +4
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-24198 MEDIUM PATCH This Month

Race condition in NVIDIA GPU Display Driver for Linux allows a high-privileged local attacker to leak sensitive kernel or process memory, producing limited information disclosure alongside potential data tampering and denial of service. Affected product lines span GeForce, RTX/Quadro/NVS, and Tesla GPU families running Linux driver branches prior to 580.159.03 or 595.71.05. No public exploit code exists and this vulnerability is absent from the CISA KEV catalog; an EPSS of 0.01% (1st percentile) and SSVC classification of Exploitation: none together place it at the lowest tier of real-world exploitation priority.

Denial Of Service Information Disclosure Nvidia Geforce Rtx Quadro Nvs +1
NVD
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-24182 MEDIUM PATCH This Month

Denial of service in NVIDIA Display Driver for Windows and Linux stems from improper lock management (CWE-667), where an attacker with local low-privilege access can leak held driver locks, potentially crashing or hanging the driver stack and denying GPU availability system-wide. Scope is changed (S:C), meaning the impact extends beyond the vulnerable component to the broader kernel or hypervisor layer. No public exploit identified at time of analysis and no CISA KEV listing; EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' consistently signal low near-term exploitation likelihood.

Denial Of Service Nvidia Microsoft
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24195 MEDIUM PATCH This Month

Denial of service in the NVIDIA Display Driver for Linux (UVM kernel module) allows a local user to crash or render the GPU subsystem unavailable through improper input validation. The flaw affects NVIDIA Guest drivers used in vGPU deployments (versions 580.126.09 and 595.58.03 across vGPU 19.4 and 20.0 branches) and carries a CVSS 7.1 with high availability impact and scope change. There is no public exploit identified at time of analysis, and EPSS is very low (0.01%, 2nd percentile), consistent with the local attack vector and DoS-only impact.

Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24192 HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure Buffer Overflow Denial Of Service
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24187 HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE Information Disclosure Use After Free +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24162 HIGH This Week

Insecure deserialization in NVIDIA Merlin Transformers4Rec on Linux allows a local attacker to achieve code execution, data tampering, and information disclosure by tricking a user into loading a malicious serialized object. The flaw affects all Main-branch commits prior to March 11, 2026, and currently has no public exploit identified at time of analysis, with a very low EPSS score (0.02%) reflecting limited real-world activity. CISA SSVC classifies exploitation as 'none' but technical impact as 'total', placing it firmly in the supply-chain/MLOps risk category rather than a mass-exploitation threat.

Information Disclosure Nvidia Deserialization RCE Merlin Transformers4Rec
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24212 HIGH This Week

Cleartext transmission of sensitive information in NVIDIA Isaac Launchable for Linux (all versions prior to 1.2) exposes credentials or other sensitive data to attackers on the same adjacent network, potentially enabling downstream code execution, privilege escalation, information disclosure, and data tampering. The flaw carries a CVSS 7.5 (High) rating, but exploitation requires adjacent-network access and high attack complexity, and there is no public exploit identified at time of analysis. EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure Nvidia RCE Isaac Launchable
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24217 HIGH This Week

Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis.

Information Disclosure RCE Denial Of Service Nvidia Path Traversal
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-24216 HIGH This Week

Arbitrary code execution in NVIDIA BioNemo Framework on Linux allows a local attacker to abuse unsafe deserialization of untrusted data (CWE-502), leading to code execution, denial of service, information disclosure, and data tampering. The CVSS 7.8 vector indicates local attack vector with required user interaction, and no public exploit has been identified at time of analysis.

Information Disclosure Deserialization RCE Denial Of Service Nvidia
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-24218 HIGH This Week

Host impersonation and machine-in-the-middle attacks against NVIDIA DGX OS systems are possible because the factory provisioning process clones a base image that ships identical SSH host keys onto every similarly provisioned system, primarily affecting DGX Spark deployments. With a CVSS of 8.1 and a CWE-321 (Use of Hard-Coded Cryptographic Key) root cause, an unauthenticated network attacker who possesses the shared key material from any one device can impersonate peers, potentially leading to code execution, data tampering, privilege escalation, information disclosure, or denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Nvidia Denial Of Service RCE
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-24188 HIGH This Week

Out-of-bounds write in NVIDIA TensorRT allows remote attackers to corrupt memory and tamper with data processed by the inference engine, per NVIDIA's own advisory (KB 5836). The CVSS 8.2 score reflects high integrity impact with no privileges or user interaction required, though confidentiality is unaffected. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Nvidia Buffer Overflow
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-24163 HIGH This Week

Unsafe deserialization in NVIDIA TensorRT-LLM's RPC testing component allows a local high-privileged attacker to trigger code execution, denial of service, data tampering, or information disclosure across a changed scope. The flaw is rated CVSS 7.5 despite local-only access and high attack complexity because successful exploitation crosses a security boundary (S:C) and yields full CIA impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Deserialization RCE Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24160 MEDIUM This Month

Null pointer dereference in NVIDIA TensorRT-LLM across all supported platforms allows a local attacker to crash the application and cause denial of service. The flaw stems from an unchecked return value that is subsequently dereferenced, triggering a fault when the returned pointer is null. With a CVSS score of 5.5 and no public exploit or CISA KEV listing identified at time of analysis, real-world risk is moderate and constrained by the local attack vector and mandatory user interaction.

Nvidia Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-24142 MEDIUM This Month

Deserialization of untrusted data in NVIDIA TensorRT-LLM across all platforms allows a local, low-privileged attacker to achieve code execution, data tampering, and information disclosure by exploiting an unsafe serialized handle. The CVSS Changed Scope (S:C) indicates the impact can extend beyond the vulnerable component itself - notable given TensorRT-LLM's role as an inference serving library often integrated into multi-tenant or production AI infrastructure. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Deserialization Nvidia Information Disclosure RCE
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2025-33255 HIGH This Week

Unsafe deserialization in NVIDIA TensorRT-LLM's MPI server component allows a high-privileged local attacker to achieve code execution, denial of service, data tampering, or information disclosure on systems running the affected library. The CVSS 7.5 score reflects high impact but constrained exploitability (AV:L/AC:H/PR:H), and no public exploit identified at time of analysis. Scope change (S:C) indicates compromise can extend beyond the vulnerable component to impact other resources on the host.

Information Disclosure Deserialization RCE Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-24215 MEDIUM This Month

Uncontrolled resource consumption in NVIDIA Triton Inference Server's DALI backend allows a network-adjacent, low-privileged attacker to exhaust server resources, resulting in denial of service. The vulnerability (CWE-400) is triggered through the DALI data-loading and augmentation backend, requires low privileges and user interaction, and carries a CVSS score of 5.7 (Medium). No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a monitored-but-not-critical-urgency tier for most deployments.

Nvidia Denial Of Service
NVD VulDB
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-24214 HIGH This Week

Integer overflow in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory corruption that may result in code execution, data tampering, or denial of service. The flaw requires low-level privileges plus user interaction (CVSS 8.0, AV:N/AC:L/PR:L/UI:R) and affects deployments exposing the DALI inference pipeline. No public exploit identified at time of analysis.

Nvidia Denial Of Service RCE Integer Overflow
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-24213 HIGH This Week

Out-of-bounds read in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory disclosure that may escalate to code execution, data tampering, or denial of service. The flaw carries a CVSS 8.0 (High) rating reflecting low-privilege network access with required user interaction, and no public exploit identified at time of analysis. NVIDIA has published a security bulletin addressing the issue.

Information Disclosure Buffer Overflow RCE Denial Of Service Nvidia
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-24210 HIGH This Week

Denial of service in NVIDIA Triton Inference Server can be triggered remotely by unauthenticated attackers via an integer overflow condition (CWE-190). The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis. Defenders running Triton in network-exposed inference deployments should prioritize patching since exploitation requires no privileges, no user interaction, and low attack complexity.

Nvidia Denial Of Service Integer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24209 HIGH This Week

Denial of service in NVIDIA Triton Inference Server can be triggered remotely without authentication via a path traversal flaw (CWE-22), enabling unauthenticated network attackers to disrupt model-serving availability. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis.

Denial Of Service Nvidia Path Traversal
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-24208 MEDIUM This Month

Path traversal exploitation in NVIDIA Triton Inference Server enables unauthenticated remote attackers to cause denial of service by submitting crafted requests containing malicious path components. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero authentication or user interaction is required, making this broadly reachable from the network with low attack complexity. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the no-prerequisite attack profile warrants patching per NVIDIA's advisory at nvidia.custhelp.com.

Denial Of Service Nvidia Path Traversal
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-24207 CRITICAL POC Act Now

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Information Disclosure Authentication Bypass RCE Denial Of Service Nvidia
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-24206 HIGH This Week

Authentication bypass in NVIDIA Triton Inference Server allows remote unauthenticated attackers to circumvent access controls, potentially leading to privilege escalation, denial of service, or information disclosure. With a CVSS 7.3 score and network-reachable attack vector (AV:N/AC:L/PR:N/UI:N), the flaw is exploitable without user interaction or credentials, though no public exploit identified at time of analysis. The vulnerability is not currently listed in CISA KEV, and EPSS data was not provided in the source intelligence.

Information Disclosure Nvidia Denial Of Service Authentication Bypass
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-41512 CRITICAL PATCH Act Now

Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute arbitrary JavaScript code via the BrowserAutomation::PlaywrightService component. The vulnerability has a Critical CVSS score of 9.9 with scope change, enabling cross-boundary compromise of confidentiality, integrity, and availability. Vendor-released patch available in version 1.4.1 as of April 13, 2026, with GitHub Security Advisory GHSA-r27j-xxgx-f5vr confirming the fix.

Nvidia Code Injection RCE
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-43311 MEDIUM PATCH This Month

Linux kernel's Tegra PMC driver can trigger kernel warnings and potential denial of service during system resume by calling generic_handle_irq() from non-interrupt context. Affects Tegra186 and later platforms running Linux kernel versions prior to 6.19.6 and 7.0. CVSS 5.5 indicates local low-complexity exploitation requiring authenticated access. EPSS score of 0.02% (5th percentile) suggests minimal observed exploitation activity. Vendor patches available via stable kernel tree commits.

Nvidia Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40171 LIB HIGH PATCH GHSA This Week

Stored XSS in Jupyter Notebook's CommandLinker feature enables authentication token theft through malicious notebook files, leading to complete account takeover. Attackers craft notebook files with disguised controls that, when clicked once by victims, execute arbitrary code via the Jupyter REST API, granting full filesystem access and kernel control. Reported by NVIDIA AI Red Team. Vendor-released patches available: Jupyter Notebook 7.5.6 and JupyterLab 4.5.7. No public exploit code identified at time of analysis, but proof-of-concept demonstrated internally by NVIDIA researchers. This vulnerability targets data science and ML engineering environments where notebook sharing is common practice.

RCE XSS Nvidia Suse
NVD GitHub
CVSS 4.0
8.4
EPSS
0.1%
CVE-2026-24231 MEDIUM This Month

Server-side request forgery in NVIDIA NemoClaw's validateEndpointUrl() function allows local attackers with user interaction to supply crafted endpoint URLs targeting the 0.0.0.0/8 address range via blueprint configuration files or CLI flags, leading to information disclosure. The vulnerability affects all versions of NemoClaw and requires local access with user interaction to trigger, limiting exposure to systems where untrusted users can modify configuration or invoke CLI commands.

Information Disclosure SSRF Nvidia
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-24222 HIGH This Week

Remote unauthenticated attackers can exfiltrate sensitive host environment variables from NVIDIA NeMoClaw by injecting malicious prompts that bypass sandbox access controls. The vulnerability affects the sandbox initialization component and enables information disclosure without requiring any authentication or user interaction (CVSS 8.6, AV:N/AC:L/PR:N/UI:N). Cross-scope impact (S:C) indicates the attack breaks out of the intended sandbox boundary to access host-level secrets. EPSS and KEV status not available; this appears to be a recently disclosed AI/LLM agent security issue.

Information Disclosure Nvidia
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-24204 MEDIUM This Month

NVIDIA Flare SDK is vulnerable to path traversal via improper input validation, allowing authenticated remote attackers to disclose sensitive information. The vulnerability affects all versions of the SDK and requires valid user credentials to exploit, making it a moderate-risk issue for organizations using Flare in multi-user environments. No public exploit code or active exploitation has been identified.

Information Disclosure Nvidia
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-24186 HIGH This Week

Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis.

Nvidia Deserialization RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

Code execution in NVIDIA TensorRT is possible when the SDK processes a maliciously crafted input that overflows a heap-based buffer (CWE-122), corrupting adjacent heap memory. The flaw affects the TensorRT deep-learning inference library and requires a local user to load attacker-supplied content, per the AV:L/UI:R CVSS vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Successful exploitation yields full loss of confidentiality, integrity, and availability (C:H/I:H/A:H) in the context of the process running the inference job.

Heap Overflow Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA TensorRT is possible when the library parses an attacker-supplied input (such as a crafted model/engine file), triggering a heap-based buffer overflow (CWE-122) that can corrupt memory and lead to arbitrary code execution in the context of the process using TensorRT. The CVSS 3.1 vector (AV:L/UI:R) indicates the attacker needs local access and must induce a user or application to load malicious content, and there is no public exploit identified at time of analysis. TensorRT is NVIDIA's deep-learning inference SDK, so the affected population is developers, MLOps pipelines, and inference servers that load third-party or untrusted models.

Heap Overflow Buffer Overflow Nvidia +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. There is no public exploit identified at time of analysis and the CVE is not in CISA KEV, but with high confidentiality, integrity, and availability impact this is a meaningful priority for AI/ML inference environments.

Nvidia RCE Tensorrt
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution.

Nvidia RCE Deserialization +1
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.

Nvidia Denial Of Service Tensorrt Llm
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Nvidia RCE Information Disclosure +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Authentication Bypass Nvidia RCE +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.

Nvidia RCE Deserialization +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.

Nvidia SSRF Denial Of Service +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. No public exploit identified at time of analysis, and the CVSS 3.1 base score is 7.3 with a local attack vector despite the request-based nature of the issue.

Authentication Bypass Nvidia Denial Of Service +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (CWE-123), enabling arbitrary memory writes that can corrupt data, crash the inference service, or leak sensitive information. The flaw carries a CVSS 7.4 (High) score with a local attack vector and high attack complexity, and affects the TensorRT-LLM library used to build and serve optimized large-language-model inference on NVIDIA GPUs. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. There is no public exploit identified at time of analysis and the flaw is not listed in CISA KEV; NVIDIA rates exploitation as high-complexity (AC:H).

Nvidia Denial Of Service Heap Overflow +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Denial Of Service Information Disclosure +3
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the restricted unpickler that handles model-weight loading, potentially achieving code execution, privilege escalation, data tampering, and information disclosure. The flaw (CWE-502, CVSS 8.4) affects the GPU LLM-inference library and stems from the restricted unpickler failing to fully constrain what can be deserialized from an untrusted model artifact. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Nvidia RCE +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host memory by triggering a memory leak (CWE-401, missing release of memory after effective lifetime), degrading or crashing the inference service. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N, A:H) indicates trivial network-reachable exploitation with no authentication and high availability impact, but no confidentiality or integrity exposure. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Nvidia Denial Of Service Triton Inference Server
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause an authentication bypass through an alternative path or channel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Nvidia Authentication Bypass RCE +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the service by triggering an uncaught exception (CWE-248), taking the model-serving endpoint offline. The flaw carries CVSS 7.5 with a pure availability impact (C:N/I:N/A:H) and no public exploit identified at time of analysis; it was reported by NVIDIA itself. No confidentiality or integrity compromise is involved — the sole consequence is loss of inference availability.

Nvidia Denial Of Service Triton Inference Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resources (CWE-400 uncontrolled resource consumption) and render the AI/ML inference endpoint unavailable, with no impact to confidentiality or integrity. The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), reflecting network-reachable, low-complexity, no-privilege exploitation. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided in the input.

Nvidia Denial Of Service Triton Inference Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt availability by triggering use of an expired (stale) file descriptor. The flaw impacts availability only (no data exposure or code execution) and, per CVSS PR:N/UI:N, requires no authentication or user interaction. There is no public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV; no EPSS score was provided in the input.

Nvidia Denial Of Service Triton Inference Server
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachable by remote, unauthenticated attackers over the network. Per the CVSS 3.1 vector, exploitation requires no privileges or user interaction and impacts only availability (A:H), with no confidentiality or integrity effect. There is no public exploit identified at time of analysis, and the CVE is not listed in CISA KEV; no EPSS score was provided in the input.

Buffer Overflow Stack Overflow Denial Of Service +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to trigger uncontrolled resource consumption, exhausting server resources and rendering the model-serving endpoint unavailable. The flaw carries a CVSS 7.5 with a pure availability impact and no confidentiality or integrity effect; it was reported by NVIDIA, and there is no public exploit identified at time of analysis. No special access is required, but the concrete resource-exhaustion trigger is not detailed in the available data.

Nvidia Denial Of Service Triton Inference Server
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Arbitrary file write via symlink attack in FlashAttention's build toolchain (through 2.8.3.post1) allows a local low-privileged attacker to redirect NVIDIA archive extraction to attacker-controlled paths by pre-planting a symlink in the predictable cache directory before a victim initiates a build. The hopper/setup.py download_and_copy() function called tarfile.extractall() without symlink validation or path confinement, meaning extracted NVIDIA toolchain binaries could be written anywhere accessible to the victim's process. No active exploitation is confirmed in CISA KEV, but a publicly available proof-of-concept exists at GitHub issue #2637 and a vendor patch is available in commit 0816ef1.

Nvidia Information Disclosure Flash Attention
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Authentication bypass in NVIDIA AIStore, a scalable distributed object-storage framework for AI/ML data pipelines, lets a remote attacker circumvent access controls (CWE-290) and reach protected functionality without valid credentials. Because the flaw yields full confidentiality, integrity, and availability impact (CVSS 9.8), successful exploitation can enable information disclosure of stored datasets, tampering with training data, privilege escalation, and denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass Nvidia Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux (versions through 26.03) allows a remote attacker to crash the service by triggering a use-after-free (CWE-416) condition, per the NVIDIA product-security advisory. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/A:H) indicates network-reachable, unauthenticated exploitation with high availability impact but no confidentiality or integrity effect. No public exploit identified at time of analysis, and CISA SSVC rates exploitation status as 'none' with an EPSS of 0.54% (41st percentile), consistent with no observed activity.

Memory Corruption Nvidia Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server resources by submitting highly compressed (data-amplification / decompression-bomb) input that the server improperly handles during decompression. The flaw (CWE-409) affects the Linux distribution of Triton and carries a CVSS 7.5 (availability-only impact); there is no public exploit identified at time of analysis and it is not listed in CISA KEV. Impact is limited to availability - no confidentiality or integrity loss.

Nvidia Denial Of Service Triton Inference Server
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution and privilege escalation in NVIDIA Megatron Bridge (Linux) stems from unsafe handling of dynamically managed code resources, rooted in an insecure deserialization flaw (CWE-502). A low-privileged local user who can influence the data or model artifacts Megatron Bridge loads can achieve arbitrary code execution, escalate privileges, tamper with data, and disclose information. NVIDIA self-reported the issue with a CVSS 3.1 base score of 7.8; there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation and code execution in NVIDIA Megatron Bridge for Linux stems from unsafe deserialization of attacker-controlled input (CWE-502), allowing a low-privileged local user to achieve arbitrary code execution, tamper with data, and disclose information. NVIDIA reported the flaw with no public exploit identified at time of analysis, and it is not listed in CISA KEV; no EPSS score was provided. Megatron Bridge is an ML/LLM training framework, so impact centers on shared GPU/training hosts rather than internet-facing services.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux allows a low-privileged local attacker to achieve code execution, privilege escalation, data tampering, and information disclosure. Megatron Bridge is NVIDIA's model-interoperability tooling used to convert and load large-language-model checkpoints in the Megatron/PyTorch training stack, where unsafe object deserialization (CWE-94) lets attacker-controlled serialized data run arbitrary code in the process context. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the CVSS 7.8 (High) rating with full C/I/A impact makes it a meaningful risk on shared or multi-tenant ML infrastructure.

Deserialization Code Injection Nvidia +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux stems from improper control of code generation (CWE-94), allowing an attacker who convinces a user to process a malicious artifact to run code in the context of the training/inference workload. Successful exploitation can escalate privileges, tamper with data, and disclose information. There is no public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; the CVSS 3.1 vector (AV:L/UI:R) indicates local access with user interaction is required.

Code Injection Nvidia Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Insecure deserialization in NVIDIA Megatron Bridge for Linux (CWE-502) lets an attacker who supplies a crafted serialized object achieve code execution, privilege escalation, data tampering, and information disclosure when a local user loads that data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) shows the attack is local and hinges on the victim opening attacker-controlled content, with no public exploit identified at time of analysis. Megatron Bridge is a specialized NVIDIA library for bridging large-language-model training frameworks, so exposure is concentrated in ML/AI training and research environments rather than general enterprise fleets.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge on Linux arises from unsafe reflection (CWE-470), where externally-controlled input selects which classes or code resources are dynamically loaded. A local attacker who convinces a user to load a crafted artifact (e.g., a malicious model, checkpoint, or configuration) can trigger code execution, privilege escalation, data tampering, and information disclosure. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Nvidia Information Disclosure RCE +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge for Linux arises from unsafe deserialization of untrusted data (CWE-502), allowing an attacker who tricks a user into loading a crafted serialized object to execute code, escalate privileges, tamper with data, and disclose information. The flaw affects the Megatron Bridge model-conversion/training tooling and is locally exploitable but hinges on victim interaction (UI:R). No public exploit code has been identified and the issue is not in CISA KEV, so there is currently no evidence of active exploitation.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution and privilege escalation in NVIDIA Megatron Bridge on Linux arises from unsafe deserialization of untrusted data, allowing a local attacker who convinces a user to load a malicious serialized object to run code, tamper with data, and disclose information. NVIDIA (the reporting vendor) rates it 7.8 (High); the CVSS vector requires local access and user interaction, so exploitation is not remote-unauthenticated. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA Megatron Bridge (all versions per the NVIDIA advisory) arises from unsafe deserialization of untrusted data (CWE-502), where an attacker supplies a crafted serialized object — typically a malicious model checkpoint or configuration artifact — that a user loads locally, yielding code execution, privilege escalation, data tampering, and information disclosure. The CVSS 3.1 base score is 7.8 (High) with a local vector requiring user interaction (AV:L/UI:R) and no attacker privileges. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Server-side request forgery in NVIDIA Megatron Bridge for Linux allows an attacker to coerce the software into issuing attacker-controlled requests, potentially leading to disclosure of sensitive information. The flaw (CWE-918) was reported by NVIDIA itself and carries a vendor CVSS 3.1 score of 7.8; notably the vector is scored as local with required user interaction (AV:L/UI:R) rather than a classic remote SSRF, which security teams should reconcile against the SSRF classification. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Nvidia SSRF Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Deserialization of untrusted data in NVIDIA Megatron Bridge for Linux (CWE-502) can lead to arbitrary code execution, privilege escalation, data tampering, and information disclosure when a user loads attacker-controlled data. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) indicates a local attack requiring the victim to open or process a malicious artifact — consistent with unsafe deserialization of a model checkpoint, config, or serialized object. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV; EPSS was not provided.

Nvidia Deserialization Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Out-of-bounds write in the command interface of NVIDIA ConnectX SmartNICs and BlueField DPUs allows a local user holding virtual function (VF) access - typically a tenant inside a guest VM - to corrupt device memory via crafted input and potentially achieve arbitrary code execution on the network device itself. Because the CVSS scope is Changed (S:C), a successful exploit crosses the VF isolation boundary and threatens the host and other tenants, making this a serious multi-tenant/cloud isolation-breakout risk. There is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Memory Corruption Nvidia Buffer Overflow +11
NVD GitHub
EPSS 0% CVSS 9.0
CRITICAL Act Now

Out-of-bounds write in the command interface of NVIDIA ConnectX network adapters and BlueField DPUs allows a local user holding an assigned virtual function (VF) to corrupt device memory via crafted input, potentially achieving arbitrary code execution on the device itself. Because the flaw sits at the firmware command interface reachable from a SR-IOV guest, a successful exploit crosses the guest/device trust boundary (CVSS scope-changed, base 9.0) and can compromise the host that owns the adapter. This is a vendor-reported issue with no public exploit identified at time of analysis and no CISA KEV listing.

Memory Corruption Nvidia Buffer Overflow +9
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Privilege escalation and container escape in NVIDIA Container Toolkit for Linux (and the GPU Operator that bundles it) stem from a time-of-check to time-of-use (TOCTOU) race condition that can lead to arbitrary code execution, privilege escalation, and data tampering across a scope boundary. A low-privileged attacker who can win the race may break out of the intended isolation boundary of GPU-enabled containers. No public exploit has been identified at time of analysis, and the CVE is not listed in CISA KEV; NVIDIA is the reporting source via its product-security advisory 5850.

Nvidia RCE Container Toolkit +3
NVD GitHub
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses BaseFileComponent-derived nodes (Read File, Docling, Docling Serve, NVIDIA Retriever Extraction, Video File, Unstructured API). An attacker who can submit a TAR archive containing symlinks - for example through a RAG ingestion pipeline that accepts user documents - causes the server to follow those links and ingest arbitrary host files such as Langflow's JWT secret_key, which can then be used to forge admin tokens and execute Python via the Code Interpreter node. Publicly available exploit code exists (researcher-published PoC archive and demo video); not listed in CISA KEV.

Nvidia Python RCE
NVD GitHub VulDB
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path.

Nvidia Deserialization Python +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NeMo Framework on Linux allows an authenticated low-privileged attacker to abuse unsafe deserialization of untrusted data (CWE-502) to run arbitrary code, escalate privileges, tamper with data, or disclose information. The CVSS 7.8 (AV:L/PR:L) profile and the typical ML-training use case mean exploitation requires existing access to the host running NeMo. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Nvidia Deserialization Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Code injection in NVIDIA NeMo Framework across all supported platforms allows a local attacker with low privileges to execute arbitrary code, escalate privileges, disclose sensitive information, and tamper with data. The flaw carries a CVSS 3.1 score of 7.8 with high impact across confidentiality, integrity, and availability, though no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Code Injection Information Disclosure +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Heap-based buffer overflow in NVIDIA DALI enables local authenticated attackers to achieve code execution, data tampering, denial of service, or information disclosure when a victim user interacts with attacker-supplied input. The flaw affects the Data Loading Library used in GPU-accelerated deep learning data pipelines and carries a CVSS 3.1 score of 7.3 (High). No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Nvidia Heap Overflow RCE +3
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Local code execution and data tampering in NVIDIA DALI (Data Loading Library) is possible when a low-privileged user is tricked into processing attacker-controlled input through a component that performs improper index validation (CWE-129). The CVSS 7.3 vector (AV:L/AC:L/PR:L/UI:R) indicates local access, low privileges, and user interaction are required, with high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Information Disclosure Nvidia +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NVTabular allows a low-privileged attacker to abuse insecure deserialization of untrusted data, potentially leading to arbitrary code execution, data tampering, and information disclosure on the host running the library. The flaw carries a CVSS 7.8 (High) rating with confidentiality, integrity, and availability all marked High, and currently no public exploit identified at time of analysis. NVTabular is a tabular feature-engineering library used in recommender-system pipelines, so the practical blast radius is data-science workstations and ML training nodes.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local code execution in NVIDIA NVTabular allows an authenticated low-privileged user to abuse improper deserialization of untrusted data to run arbitrary code, tamper with data, and disclose sensitive information. The CVSS 3.1 base score is 7.8 (AV:L/AC:L/PR:L/UI:N) reflecting a local attack vector with low complexity and low privileges; no public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Nvidia RCE Deserialization +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition in the Linux kernel memory management subsystem during large-folio migration can cause kernel availability disruption on SMP/NUMA systems. The flaw in migrate_folio_move() causes a destination folio to become visible to concurrent rmap-removal paths before being requeued onto the deferred split queue, triggering a kernel WARN in deferred_split_folio() or silently losing a folio from split_queue when the shrinker races the migration lock. With no public exploit, no CISA KEV listing, and an EPSS of 0.02%, this is a low real-world risk issue primarily relevant to HPC, virtualization, and database workloads with heavy NUMA migration activity.

Nvidia Race Condition Linux +3
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Incorrect permission assignment in the NVIDIA Display Driver kernel module on Windows and Linux allows a highly privileged local user to corrupt critical resource permissions, leading to denial of service and potentially data tampering. Affected product lines span GeForce (limited to Maxwell, Volta, and Pascal architectures on some branches), RTX/Quadro/NVS, Tesla, and Guest (vGPU) drivers across multiple version branches. No public exploit exists and no active exploitation has been identified; SSVC assessment rates exploitation as none and impact as partial, consistent with the moderate CVSS score of 4.4.

Denial Of Service Nvidia Microsoft +1
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Out-of-bounds write in NVIDIA Virtual GPU Manager exposes virtualized GPU deployments to denial of service, data tampering, and information disclosure. A local, low-privileged attacker operating within a virtualized environment can trigger the memory corruption flaw in the host-side vGPU manager component across multiple affected driver branches (vGPU 16.x through 20.x). No public exploit code exists at time of analysis, and EPSS probability is at the 2nd percentile, but the high availability impact (A:H in CVSS) and the prevalence of vGPU in enterprise virtualization infrastructure warrant prompt patching.

Nvidia Memory Corruption Information Disclosure +3
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Local privilege escalation and code execution in NVIDIA Virtual GPU Manager arises from a use-after-free on stack memory within the vGPU hypervisor component. Authenticated local attackers on the host or guest side of an affected vGPU deployment (vGPU branches 16.x through 20.x) can trigger memory corruption that may yield DoS, info disclosure, data tampering, or arbitrary code execution. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC rates technical impact as total.

Nvidia Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest drivers) allows an authenticated local user to abuse improper permission handling in a kernel mode layer handler, enabling code execution, privilege elevation, and data tampering. CVSS 7.8 reflects high impact across confidentiality, integrity, and availability, but the attack vector is local and authenticated. No public exploit identified at time of analysis and EPSS is 0.01%, but SSVC marks technical impact as total.

Nvidia RCE Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in NVIDIA Display Driver for Windows (GeForce, RTX/Quadro/NVS, Tesla, and vGPU guest/manager components) stems from a time-of-check time-of-use (TOCTOU) race condition that can be abused by a low-privileged local user. Successful exploitation may yield code execution, privilege escalation, denial of service, information disclosure, or data tampering with scope change beyond the driver's security boundary. No public exploit identified at time of analysis; EPSS is 0.01% and SSVC exploitation status is 'none', so the practical risk is contingent on local access and winning a high-complexity race.

Nvidia RCE Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Windows and Linux allows authenticated low-privilege users to improperly access GPU resources via a kernel mode layer flaw, potentially leading to code execution, privilege escalation, information disclosure, data tampering, and denial of service. The issue affects GeForce, RTX/Quadro/NVS, and Tesla product lines across multiple driver branches and carries a CVSS 7.8 (High) score. No public exploit identified at time of analysis, and EPSS probability is very low (0.01%), but the breadth of affected hardware and total technical impact warrant prompt patching.

Nvidia RCE Linux +4
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the NVIDIA Display Driver for Windows and Linux allows an authenticated low-privileged user to trigger an out-of-bounds write (CWE-787) in the kernel-mode driver, potentially leading to code execution, privilege escalation, information disclosure, data tampering, or denial of service. The flaw affects GeForce, RTX/Quadro/NVS, and Tesla product lines, with NVIDIA confirming the vulnerability and releasing patched driver versions. No public exploit identified at time of analysis, and EPSS rates exploitation probability at just 0.01%.

Nvidia Memory Corruption RCE +4
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Out-of-bounds read in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest drivers) allows a locally authenticated user to trigger denial of service and information disclosure. The flaw carries a CVSS 3.1 score of 7.1 (AV:L/AC:L/PR:L), and per CISA SSVC there is no public exploit identified at time of analysis (Exploitation: none), with EPSS at 0.01% indicating negligible near-term exploitation likelihood. NVIDIA has published fixed driver versions across all affected branches in advisory ID 5821.

Denial Of Service Information Disclosure Nvidia +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

NVIDIA Display Driver for Linux exposes a denial-of-service condition in the Multi-Instance GPU (MIG) partition management subsystem, rooted in insecure default initialization of memory subsystem routing resources (CWE-1188). A local authenticated user - with low privileges on a Linux system running MIG-enabled Tesla, GeForce, RTX/Quadro/NVS, or Virtual GPU Manager driver branches - can trigger a hang or data corruption during partition reconfiguration, potentially disrupting all GPU workloads sharing the affected physical GPU. No public exploit code exists and this vulnerability is not in CISA KEV; EPSS sits at 0.01% (2nd percentile), indicating no observed mass exploitation at time of analysis.

Denial Of Service Nvidia
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Race condition exploitation in NVIDIA Display Driver's Linux kernel module allows a local authenticated user to cause denial of service by manipulating compiler or processor memory instruction ordering. Affected product lines span GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest Driver across multiple driver branches up to the March 2026 release. No active exploitation has been confirmed - this is not listed in CISA KEV, EPSS is 0.01% (1st percentile), and SSVC assessment classifies exploitation status as none - placing this firmly in a patch-and-monitor category rather than emergency response.

Denial Of Service Nvidia Race Condition +6
NVD VulDB
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Race condition in NVIDIA GPU Display Driver for Linux allows a high-privileged local attacker to leak sensitive kernel or process memory, producing limited information disclosure alongside potential data tampering and denial of service. Affected product lines span GeForce, RTX/Quadro/NVS, and Tesla GPU families running Linux driver branches prior to 580.159.03 or 595.71.05. No public exploit code exists and this vulnerability is absent from the CISA KEV catalog; an EPSS of 0.01% (1st percentile) and SSVC classification of Exploitation: none together place it at the lowest tier of real-world exploitation priority.

Denial Of Service Information Disclosure Nvidia +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Denial of service in NVIDIA Display Driver for Windows and Linux stems from improper lock management (CWE-667), where an attacker with local low-privilege access can leak held driver locks, potentially crashing or hanging the driver stack and denying GPU availability system-wide. Scope is changed (S:C), meaning the impact extends beyond the vulnerable component to the broader kernel or hypervisor layer. No public exploit identified at time of analysis and no CISA KEV listing; EPSS at 0.01% (1st percentile) and SSVC exploitation status of 'none' consistently signal low near-term exploitation likelihood.

Denial Of Service Nvidia Microsoft
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Denial of service in the NVIDIA Display Driver for Linux (UVM kernel module) allows a local user to crash or render the GPU subsystem unavailable through improper input validation. The flaw affects NVIDIA Guest drivers used in vGPU deployments (versions 580.126.09 and 595.58.03 across vGPU 19.4 and 20.0 branches) and carries a CVSS 7.1 with high availability impact and scope change. There is no public exploit identified at time of analysis, and EPSS is very low (0.01%, 2nd percentile), consistent with the local attack vector and DoS-only impact.

Denial Of Service Nvidia
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and Virtual GPU Manager branches) stems from an incorrect numeric type conversion (CWE-681) that produces a heap buffer overflow. A locally authenticated attacker with low privileges can trigger the flaw to achieve code execution, privilege escalation, information disclosure, data tampering, or denial of service. No public exploit identified at time of analysis, and EPSS is very low (0.01%, 1st percentile), but technical impact per SSVC is total.

Nvidia RCE Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches.

Nvidia Memory Corruption RCE +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Insecure deserialization in NVIDIA Merlin Transformers4Rec on Linux allows a local attacker to achieve code execution, data tampering, and information disclosure by tricking a user into loading a malicious serialized object. The flaw affects all Main-branch commits prior to March 11, 2026, and currently has no public exploit identified at time of analysis, with a very low EPSS score (0.02%) reflecting limited real-world activity. CISA SSVC classifies exploitation as 'none' but technical impact as 'total', placing it firmly in the supply-chain/MLOps risk category rather than a mass-exploitation threat.

Information Disclosure Nvidia Deserialization +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Cleartext transmission of sensitive information in NVIDIA Isaac Launchable for Linux (all versions prior to 1.2) exposes credentials or other sensitive data to attackers on the same adjacent network, potentially enabling downstream code execution, privilege escalation, information disclosure, and data tampering. The flaw carries a CVSS 7.5 (High) rating, but exploitation requires adjacent-network access and high attack complexity, and there is no public exploit identified at time of analysis. EPSS is 0.00% and the issue is not on the CISA KEV list.

Information Disclosure Nvidia RCE +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis.

Information Disclosure RCE Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in NVIDIA BioNemo Framework on Linux allows a local attacker to abuse unsafe deserialization of untrusted data (CWE-502), leading to code execution, denial of service, information disclosure, and data tampering. The CVSS 7.8 vector indicates local attack vector with required user interaction, and no public exploit has been identified at time of analysis.

Information Disclosure Deserialization RCE +2
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Host impersonation and machine-in-the-middle attacks against NVIDIA DGX OS systems are possible because the factory provisioning process clones a base image that ships identical SSH host keys onto every similarly provisioned system, primarily affecting DGX Spark deployments. With a CVSS of 8.1 and a CWE-321 (Use of Hard-Coded Cryptographic Key) root cause, an unauthenticated network attacker who possesses the shared key material from any one device can impersonate peers, potentially leading to code execution, data tampering, privilege escalation, information disclosure, or denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure Nvidia Denial Of Service +1
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Out-of-bounds write in NVIDIA TensorRT allows remote attackers to corrupt memory and tamper with data processed by the inference engine, per NVIDIA's own advisory (KB 5836). The CVSS 8.2 score reflects high integrity impact with no privileges or user interaction required, though confidentiality is unaffected. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Memory Corruption Nvidia Buffer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unsafe deserialization in NVIDIA TensorRT-LLM's RPC testing component allows a local high-privileged attacker to trigger code execution, denial of service, data tampering, or information disclosure across a changed scope. The flaw is rated CVSS 7.5 despite local-only access and high attack complexity because successful exploitation crosses a security boundary (S:C) and yields full CIA impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Deserialization RCE +2
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Null pointer dereference in NVIDIA TensorRT-LLM across all supported platforms allows a local attacker to crash the application and cause denial of service. The flaw stems from an unchecked return value that is subsequently dereferenced, triggering a fault when the returned pointer is null. With a CVSS score of 5.5 and no public exploit or CISA KEV listing identified at time of analysis, real-world risk is moderate and constrained by the local attack vector and mandatory user interaction.

Nvidia Denial Of Service
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Deserialization of untrusted data in NVIDIA TensorRT-LLM across all platforms allows a local, low-privileged attacker to achieve code execution, data tampering, and information disclosure by exploiting an unsafe serialized handle. The CVSS Changed Scope (S:C) indicates the impact can extend beyond the vulnerable component itself - notable given TensorRT-LLM's role as an inference serving library often integrated into multi-tenant or production AI infrastructure. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Deserialization Nvidia Information Disclosure +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unsafe deserialization in NVIDIA TensorRT-LLM's MPI server component allows a high-privileged local attacker to achieve code execution, denial of service, data tampering, or information disclosure on systems running the affected library. The CVSS 7.5 score reflects high impact but constrained exploitability (AV:L/AC:H/PR:H), and no public exploit identified at time of analysis. Scope change (S:C) indicates compromise can extend beyond the vulnerable component to impact other resources on the host.

Information Disclosure Deserialization RCE +2
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM This Month

Uncontrolled resource consumption in NVIDIA Triton Inference Server's DALI backend allows a network-adjacent, low-privileged attacker to exhaust server resources, resulting in denial of service. The vulnerability (CWE-400) is triggered through the DALI data-loading and augmentation backend, requires low privileges and user interaction, and carries a CVSS score of 5.7 (Medium). No public exploit code or CISA KEV listing has been identified at time of analysis, placing this in a monitored-but-not-critical-urgency tier for most deployments.

Nvidia Denial Of Service
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Integer overflow in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory corruption that may result in code execution, data tampering, or denial of service. The flaw requires low-level privileges plus user interaction (CVSS 8.0, AV:N/AC:L/PR:L/UI:R) and affects deployments exposing the DALI inference pipeline. No public exploit identified at time of analysis.

Nvidia Denial Of Service RCE +1
NVD VulDB
EPSS 0% CVSS 8.0
HIGH This Week

Out-of-bounds read in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory disclosure that may escalate to code execution, data tampering, or denial of service. The flaw carries a CVSS 8.0 (High) rating reflecting low-privilege network access with required user interaction, and no public exploit identified at time of analysis. NVIDIA has published a security bulletin addressing the issue.

Information Disclosure Buffer Overflow RCE +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server can be triggered remotely by unauthenticated attackers via an integer overflow condition (CWE-190). The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis. Defenders running Triton in network-exposed inference deployments should prioritize patching since exploitation requires no privileges, no user interaction, and low attack complexity.

Nvidia Denial Of Service Integer Overflow
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in NVIDIA Triton Inference Server can be triggered remotely without authentication via a path traversal flaw (CWE-22), enabling unauthenticated network attackers to disrupt model-serving availability. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and no public exploit has been identified at time of analysis.

Denial Of Service Nvidia Path Traversal
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Path traversal exploitation in NVIDIA Triton Inference Server enables unauthenticated remote attackers to cause denial of service by submitting crafted requests containing malicious path components. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms zero authentication or user interaction is required, making this broadly reachable from the network with low attack complexity. No public exploit code has been identified and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, the no-prerequisite attack profile warrants patching per NVIDIA's advisory at nvidia.custhelp.com.

Denial Of Service Nvidia Path Traversal
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV.

Information Disclosure Authentication Bypass RCE +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Authentication bypass in NVIDIA Triton Inference Server allows remote unauthenticated attackers to circumvent access controls, potentially leading to privilege escalation, denial of service, or information disclosure. With a CVSS 7.3 score and network-reachable attack vector (AV:N/AC:L/PR:N/UI:N), the flaw is exploitable without user interaction or credentials, though no public exploit identified at time of analysis. The vulnerability is not currently listed in CISA KEV, and EPSS data was not provided in the source intelligence.

Information Disclosure Nvidia Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute arbitrary JavaScript code via the BrowserAutomation::PlaywrightService component. The vulnerability has a Critical CVSS score of 9.9 with scope change, enabling cross-boundary compromise of confidentiality, integrity, and availability. Vendor-released patch available in version 1.4.1 as of April 13, 2026, with GitHub Security Advisory GHSA-r27j-xxgx-f5vr confirming the fix.

Nvidia Code Injection RCE
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Linux kernel's Tegra PMC driver can trigger kernel warnings and potential denial of service during system resume by calling generic_handle_irq() from non-interrupt context. Affects Tegra186 and later platforms running Linux kernel versions prior to 6.19.6 and 7.0. CVSS 5.5 indicates local low-complexity exploitation requiring authenticated access. EPSS score of 0.02% (5th percentile) suggests minimal observed exploitation activity. Vendor patches available via stable kernel tree commits.

Nvidia Linux Information Disclosure
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Stored XSS in Jupyter Notebook's CommandLinker feature enables authentication token theft through malicious notebook files, leading to complete account takeover. Attackers craft notebook files with disguised controls that, when clicked once by victims, execute arbitrary code via the Jupyter REST API, granting full filesystem access and kernel control. Reported by NVIDIA AI Red Team. Vendor-released patches available: Jupyter Notebook 7.5.6 and JupyterLab 4.5.7. No public exploit code identified at time of analysis, but proof-of-concept demonstrated internally by NVIDIA researchers. This vulnerability targets data science and ML engineering environments where notebook sharing is common practice.

RCE XSS Nvidia +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM This Month

Server-side request forgery in NVIDIA NemoClaw's validateEndpointUrl() function allows local attackers with user interaction to supply crafted endpoint URLs targeting the 0.0.0.0/8 address range via blueprint configuration files or CLI flags, leading to information disclosure. The vulnerability affects all versions of NemoClaw and requires local access with user interaction to trigger, limiting exposure to systems where untrusted users can modify configuration or invoke CLI commands.

Information Disclosure SSRF Nvidia
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Remote unauthenticated attackers can exfiltrate sensitive host environment variables from NVIDIA NeMoClaw by injecting malicious prompts that bypass sandbox access controls. The vulnerability affects the sandbox initialization component and enables information disclosure without requiring any authentication or user interaction (CVSS 8.6, AV:N/AC:L/PR:N/UI:N). Cross-scope impact (S:C) indicates the attack breaks out of the intended sandbox boundary to access host-level secrets. EPSS and KEV status not available; this appears to be a recently disclosed AI/LLM agent security issue.

Information Disclosure Nvidia
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NVIDIA Flare SDK is vulnerable to path traversal via improper input validation, allowing authenticated remote attackers to disclose sensitive information. The vulnerability affects all versions of the SDK and requires valid user credentials to exploit, making it a moderate-risk issue for organizations using Flare in multi-user environments. No public exploit code or active exploitation has been identified.

Information Disclosure Nvidia
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis.

Nvidia Deserialization RCE
NVD
Page 1 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy