{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-24189/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24189","out-of-bounds read","nvidia"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eNVIDIA CUDA-Q contains a vulnerability identified as CVE-2026-24189 that allows an unauthenticated attacker to trigger an out-of-bounds read. This vulnerability exists in an unspecified endpoint of the CUDA-Q software. By sending a maliciously crafted request, an attacker can potentially read sensitive information from memory or cause a denial-of-service condition. This vulnerability has a CVSS v3.1 score of 8.2, indicating a high severity. Successful exploitation can lead to both information disclosure and service disruption, impacting the confidentiality and availability of systems running vulnerable versions of CUDA-Q. This is particularly concerning for systems processing sensitive data or providing critical services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable CUDA-Q endpoint exposed over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request designed to trigger an out-of-bounds read. This likely involves manipulating request parameters to access memory outside of the intended buffer.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious request to the vulnerable CUDA-Q endpoint.\u003c/li\u003e\n\u003cli\u003eThe CUDA-Q software processes the request without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe software attempts to read memory outside of the allocated buffer, triggering an out-of-bounds read condition.\u003c/li\u003e\n\u003cli\u003eIf the out-of-bounds read is successful, the attacker gains access to sensitive information stored in memory.\u003c/li\u003e\n\u003cli\u003eThe attacker may cause a denial-of-service condition by triggering a crash or unexpected behavior due to the memory access violation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24189 can lead to a denial of service, rendering the CUDA-Q service unavailable. Additionally, the out-of-bounds read can expose sensitive information stored in memory, potentially leading to further compromise. The severity of the impact depends on the nature of the data accessible via the out-of-bounds read. Sectors relying on CUDA-Q for computationally intensive tasks are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting CUDA-Q endpoints to detect potential exploitation attempts (category: webserver, product: linux).\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates from NVIDIA to address the CVE-2026-24189 vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious HTTP requests (rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-21T17:16:23Z","date_published":"2026-04-21T17:16:23Z","id":"/briefs/2026-04-cuda-q-oob-read/","summary":"NVIDIA CUDA-Q is vulnerable to an out-of-bounds read via a maliciously crafted request to an endpoint, potentially leading to denial of service and information disclosure as tracked by CVE-2026-24189.","title":"NVIDIA CUDA-Q Out-of-Bounds Read Vulnerability (CVE-2026-24189)","url":"https://feed.craftedsignal.io/briefs/2026-04-cuda-q-oob-read/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-24189","version":"https://jsonfeed.org/version/1.1"}