Skip to main content
ZDI-CAN-28649 HIGH 7.8 Overdue Jan 06, 2026

NVIDIA

NVIDIA, a leading manufacturer of graphics processors and AI computing hardware, has a high-severity local vulnerability (CVSS 7.8) that requires user interaction but no authentication to exploit, potentially allowing attackers with local access to compromise confidentiality, integrity, and system availability. The vulnerability is locally exploitable through a user-initiated action on the target system, making it a concern primarily for multi-user systems or those with physical access threats. Security teams should monitor for patches from NVIDIA due by May 2026 and prioritize systems running NVIDIA software in shared or physically accessible environments.

Advisory Details
Researcher Discovered by: Javohir Abduxalilov
Reported January 06, 2026
Deadline May 06, 2026 72d overdue
CVSS Vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy