54
CVEs
4
Critical
36
High
0
KEV
0
PoC
35
Unpatched C/H
13.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
4
HIGH
36
MEDIUM
13
LOW
0
Monthly CVE Trend
Affected Products (17)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-41512 | Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute arbitrary JavaScript code via the BrowserAutomation::PlaywrightService component. The vulnerability has a Critical CVSS score of 9.9 with scope change, enabling cross-boundary compromise of confidentiality, integrity, and availability. Vendor-released patch available in version 1.4.1 as of April 13, 2026, with GitHub Security Advisory GHSA-r27j-xxgx-f5vr confirming the fix. | CRITICAL | 9.9 | 0.2% | 50 |
|
| CVE-2026-24178 | Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through user-controlled key manipulation in the authentication system. The vulnerability affects the NVIDIA Flare SDK and enables complete system compromise including arbitrary code execution, data tampering, information disclosure, and denial of service. With a CVSS score of 9.8 (critical severity) and maximum exploitability metrics (AV:N/AC:L/PR:N/UI:N), this represents a severe security flaw requiring immediate remediation, though no active exploitation (KEV) or public exploit code has been identified at time of analysis. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-24207 | Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV. | CRITICAL | 9.8 | 0.1% | 49 |
No patch
|
| CVE-2025-33244 | NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch versions earlier than 2.6. An attacker with low privileges on an adjacent network can exploit this flaw to achieve code execution, denial of service, privilege escalation, data tampering, and information disclosure with scope change (CVSS 9.0 Critical). No KEV listing or public POC availability has been reported at this time. | CRITICAL | 9.0 | 0.0% | 45 |
No patch
|
| CVE-2026-24217 | Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-24186 | Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-24164 | Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) affects the BioNeMo Framework with network-reachable attack surface (AV:N) and low complexity (AC:L), requiring only user interaction (UI:R) but no authentication (PR:N). The CVSS 8.8 rating reflects critical impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well-understood and commonly exploited. EPSS data not available for this CVE. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-24222 | Remote unauthenticated attackers can exfiltrate sensitive host environment variables from NVIDIA NeMoClaw by injecting malicious prompts that bypass sandbox access controls. The vulnerability affects the sandbox initialization component and enables information disclosure without requiring any authentication or user interaction (CVSS 8.6, AV:N/AC:L/PR:N/UI:N). Cross-scope impact (S:C) indicates the attack breaks out of the intended sandbox boundary to access host-level secrets. EPSS and KEV status not available; this appears to be a recently disclosed AI/LLM agent security issue. | HIGH | 8.6 | 0.0% | 43 |
No patch
|
| CVE-2026-40171 | Stored XSS in Jupyter Notebook's CommandLinker feature enables authentication token theft through malicious notebook files, leading to complete account takeover. Attackers craft notebook files with disguised controls that, when clicked once by victims, execute arbitrary code via the Jupyter REST API, granting full filesystem access and kernel control. Reported by NVIDIA AI Red Team. Vendor-released patches available: Jupyter Notebook 7.5.6 and JupyterLab 4.5.7. No public exploit code identified at time of analysis, but proof-of-concept demonstrated internally by NVIDIA researchers. This vulnerability targets data science and ML engineering environments where notebook sharing is common practice. | HIGH | 8.4 | 0.1% | 42 |
|
| CVE-2026-24148 | NVIDIA Jetson system initialization flaw allows authenticated remote attackers to exploit insecure default machine IDs, enabling cross-device information disclosure of encrypted data and tampering. Affects JetPack on Xavier and Orin series devices. CVSS 8.3 (High) with network attack vector and low complexity. EPSS data not available; no confirmed active exploitation (CISA KEV status not present). The vulnerability enables attackers with low-level privileges to compromise multiple devices sharing identical default machine identifiers, undermining cryptographic protections and system integrity across the device fleet. | HIGH | 8.3 | 0.0% | 42 |
No patch
|
| CVE-2026-24189 | Out-of-bounds read in NVIDIA CUDA-Q endpoint allows remote unauthenticated attackers to crash services and disclose sensitive memory contents via malformed network requests. The vulnerability affects an exposed network endpoint with no authentication barrier (CVSS AV:N/AC:L/PR:N/UI:N), enabling trivial exploitation against internet-facing deployments. EPSS data not available; no CISA KEV listing or public POC identified at time of analysis, suggesting exploitation remains theoretical or limited to targeted scenarios. | HIGH | 8.2 | 0.0% | 41 |
No patch
|
| CVE-2026-24188 | Out-of-bounds write in NVIDIA TensorRT allows remote attackers to corrupt memory and tamper with data processed by the inference engine, per NVIDIA's own advisory (KB 5836). The CVSS 8.2 score reflects high integrity impact with no privileges or user interaction required, though confidentiality is unaffected. No public exploit identified at time of analysis and the issue is not listed in CISA KEV. | HIGH | 8.2 | 0.0% | 41 |
No patch
|
| CVE-2026-24218 | Host impersonation and machine-in-the-middle attacks against NVIDIA DGX OS systems are possible because the factory provisioning process clones a base image that ships identical SSH host keys onto every similarly provisioned system, primarily affecting DGX Spark deployments. With a CVSS of 8.1 and a CWE-321 (Use of Hard-Coded Cryptographic Key) root cause, an unauthenticated network attacker who possesses the shared key material from any one device can impersonate peers, potentially leading to code execution, data tampering, privilege escalation, information disclosure, or denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV. | HIGH | 8.1 | 0.0% | 41 |
No patch
|
| CVE-2026-24213 | Out-of-bounds read in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory disclosure that may escalate to code execution, data tampering, or denial of service. The flaw carries a CVSS 8.0 (High) rating reflecting low-privilege network access with required user interaction, and no public exploit identified at time of analysis. NVIDIA has published a security bulletin addressing the issue. | HIGH | 8.0 | 0.0% | 40 |
No patch
|
| CVE-2026-24214 | Integer overflow in the DALI backend of NVIDIA Triton Inference Server allows authenticated remote attackers to trigger memory corruption that may result in code execution, data tampering, or denial of service. The flaw requires low-level privileges plus user interaction (CVSS 8.0, AV:N/AC:L/PR:L/UI:R) and affects deployments exposing the DALI inference pipeline. No public exploit identified at time of analysis. | HIGH | 8.0 | 0.0% | 40 |
No patch
|