231
CVEs
14
Critical
141
High
0
KEV
2
PoC
136
Unpatched C/H
13.9%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
14
HIGH
141
MEDIUM
60
LOW
16
Monthly CVE Trend
Affected Products (30)
Gpu Driver
127
Virtual Gpu
95
Gpu Display Driver
65
Linux Kernel
56
Android
46
Virtual Gpu Manager
42
Cuda Toolkit
41
Triton Inference Server
40
Windows
39
Cloud Gaming
37
Jetson Linux
36
Geforce Experience
33
Dgx A100 Firmware
19
Python
16
Nemo
15
Dgx H100 Firmware
15
Dgx Os
14
Megatron Bridge
13
Tensorrt Llm
12
Mac Os X
12
Debian Linux
12
Shield Experience
11
Bmc Firmware
9
Jetson Tx1
9
Quadro M620
8
Shield Tv
8
Geforce Gtx 950
8
Geforce Gtx Titan X
8
Quadro M5000
8
Tesla M10
8
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-24207 | Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected functionality over the network, potentially chaining to code execution, privilege escalation, data tampering, denial of service, or information disclosure. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) reflects a critical severity issue affecting an AI/ML inference platform commonly deployed in production model-serving environments. No public exploit identified at time of analysis, and the CVE is not currently listed in CISA KEV. | CRITICAL | 9.8 | 0.1% | 69 |
PoC
No patch
|
| CVE-2026-41512 | Remote code execution in ai-scanner versions 1.0.0 through 1.4.0 allows authenticated attackers to inject and execute arbitrary JavaScript code via the BrowserAutomation::PlaywrightService component. The vulnerability has a Critical CVSS score of 9.9 with scope change, enabling cross-boundary compromise of confidentiality, integrity, and availability. Vendor-released patch available in version 1.4.1 as of April 13, 2026, with GitHub Security Advisory GHSA-r27j-xxgx-f5vr confirming the fix. | CRITICAL | 9.9 | 0.2% | 50 |
|
| CVE-2026-24178 | Authentication bypass in NVIDIA NVFlare Dashboard allows remote unauthenticated attackers to escalate privileges through user-controlled key manipulation in the authentication system. The vulnerability affects the NVIDIA Flare SDK and enables complete system compromise including arbitrary code execution, data tampering, information disclosure, and denial of service. With a CVSS score of 9.8 (critical severity) and maximum exploitability metrics (AV:N/AC:L/PR:N/UI:N), this represents a severe security flaw requiring immediate remediation, though no active exploitation (KEV) or public exploit code has been identified at time of analysis. | CRITICAL | 9.8 | 0.1% | 49 |
|
| CVE-2026-24270 | Authentication bypass in NVIDIA AIStore, a scalable distributed object-storage framework for AI/ML data pipelines, lets a remote attacker circumvent access controls (CWE-290) and reach protected functionality without valid credentials. Because the flaw yields full confidentiality, integrity, and availability impact (CVSS 9.8), successful exploitation can enable information disclosure of stored datasets, tampering with training data, privilege escalation, and denial of service. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV. | CRITICAL | 9.8 | 0.8% | 49 |
No patch
|
| CVE-2026-55447 | Arbitrary file read leading to remote code execution affects Langflow versions prior to 1.9.2 in any flow that uses BaseFileComponent-derived nodes (Read File, Docling, Docling Serve, NVIDIA Retriever Extraction, Video File, Unstructured API). An attacker who can submit a TAR archive containing symlinks - for example through a RAG ingestion pipeline that accepts user documents - causes the server to follow those links and ingest arbitrary host files such as Langflow's JWT secret_key, which can then be used to forge admin tokens and execute Python via the Code Interpreter node. Publicly available exploit code exists (researcher-published PoC archive and demo video); not listed in CISA KEV. | CRITICAL | 9.6 | 0.3% | 48 |
|
| CVE-2026-53805 | Unauthenticated remote code execution in NVIDIA Spatial Intelligence Lab's GEN3C inference API server allows network attackers to execute arbitrary Python code by sending crafted pickle payloads to the /request-inference and /seed-model endpoints. The endpoints feed raw HTTP bodies directly into pickle.loads() with no authentication or validation, so a standard __reduce__ gadget yields code execution as the inference process. No public exploit identified at time of analysis, but the upstream patch and a VulnCheck advisory document the precise vulnerable code path. | CRITICAL | 9.3 | 0.7% | 47 |
|
| CVE-2026-62239 | Arbitrary file write via symlink attack in FlashAttention's build toolchain (through 2.8.3.post1) allows a local low-privileged attacker to redirect NVIDIA archive extraction to attacker-controlled paths by pre-planting a symlink in the predictable cache directory before a victim initiates a build. The hopper/setup.py download_and_copy() function called tarfile.extractall() without symlink validation or path confinement, meaning extracted NVIDIA toolchain binaries could be written anywhere accessible to the victim's process. No active exploitation is confirmed in CISA KEV, but a publicly available proof-of-concept exists at GitHub issue #2637 and a vendor patch is available in commit 0816ef1. | MEDIUM | 5.3 | 0.1% | 47 |
PoC
|
| CVE-2025-33187 | NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | CRITICAL | 9.3 | 0.0% | 46 |
No patch
|
| CVE-2025-33244 | NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch versions earlier than 2.6. An attacker with low privileges on an adjacent network can exploit this flaw to achieve code execution, denial of service, privilege escalation, data tampering, and information disclosure with scope change (CVSS 9.0 Critical). No KEV listing or public POC availability has been reported at this time. | CRITICAL | 9.0 | 0.0% | 45 |
No patch
|
| CVE-2025-23350 | Out-of-bounds write in the command interface of NVIDIA ConnectX network adapters and BlueField DPUs allows a local user holding an assigned virtual function (VF) to corrupt device memory via crafted input, potentially achieving arbitrary code execution on the device itself. Because the flaw sits at the firmware command interface reachable from a SR-IOV guest, a successful exploit crosses the guest/device trust boundary (CVSS scope-changed, base 9.0) and can compromise the host that owns the adapter. This is a vendor-reported issue with no public exploit identified at time of analysis and no CISA KEV listing. | CRITICAL | 9.0 | 0.3% | 45 |
No patch
|
| CVE-2025-23351 | Out-of-bounds write in the command interface of NVIDIA ConnectX SmartNICs and BlueField DPUs allows a local user holding virtual function (VF) access - typically a tenant inside a guest VM - to corrupt device memory via crafted input and potentially achieve arbitrary code execution on the network device itself. Because the CVSS scope is Changed (S:C), a successful exploit crosses the VF isolation boundary and threatens the host and other tenants, making this a serious multi-tenant/cloud isolation-breakout risk. There is no public exploit identified at time of analysis and it is not listed in CISA KEV. | CRITICAL | 9.0 | 0.3% | 45 |
No patch
|
| CVE-2026-24217 | Path traversal in NVIDIA BioNeMo Core for Linux allows remote attackers to escape intended directory boundaries when a user is induced to load a malicious file, enabling code execution, information disclosure, data tampering, or denial of service. The flaw carries a high CVSS score of 8.8 driven by network reachability and full CIA impact, though exploitation requires user interaction; no public exploit identified at time of analysis. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-24186 | Remote code execution in NVIDIA FLARE SDK allows authenticated attackers to execute arbitrary code by sending maliciously crafted FOBS-encoded messages that exploit unsafe deserialization in the FOBS component. The vulnerability affects federated learning deployments where NVIDIA FLARE SDK processes messages from low-privileged authenticated users, enabling complete system compromise with high impact to confidentiality, integrity, and availability. No active exploitation confirmed (not in CISA KEV) and public exploit status unknown at time of analysis. | HIGH | 8.8 | 0.1% | 44 |
No patch
|
| CVE-2026-24164 | Insecure deserialization in NVIDIA BioNeMo Framework enables remote code execution when attackers can induce users to process malicious serialized data. This vulnerability (CWE-502) affects the BioNeMo Framework with network-reachable attack surface (AV:N) and low complexity (AC:L), requiring only user interaction (UI:R) but no authentication (PR:N). The CVSS 8.8 rating reflects critical impacts across confidentiality, integrity, and availability. No public exploit identified at time of analysis, though the deserialization vulnerability class is well-understood and commonly exploited. EPSS data not available for this CVE. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-24187 | Local privilege escalation and code execution in the NVIDIA Display Driver for Linux (GeForce, RTX/Quadro/NVS, Tesla, and vGPU Guest/Manager components) stems from a use-after-free memory corruption flaw (CWE-416) that a local low-privileged user can trigger to compromise the kernel-level driver. The scope-changed CVSS 8.8 score reflects that successful exploitation crosses a trust boundary, potentially yielding code execution, privilege escalation, information disclosure, data tampering, or denial of service. EPSS is 0.01% (1st percentile) and there is no public exploit identified at time of analysis, but a vendor patch is available across all affected branches. | HIGH | 8.8 | 0.0% | 44 |
|