{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/nvidia/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.7,"id":"CVE-2026-24177"}],"_cs_exploited":true,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["vulnerability","authentication-bypass","nvidia"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-24177 details a security flaw within the NVIDIA KAI Scheduler. This vulnerability stems from a lack of proper authentication mechanisms for critical API endpoints. An attacker exploiting this flaw could potentially bypass authorization checks and gain unauthorized access to sensitive functionalities. Successful exploitation leads to information disclosure. The affected product is NVIDIA KAI Scheduler. As of April 2026, exploitation in the wild has not been confirmed, but the potential impact warrants immediate attention from security teams. This vulnerability allows an attacker with network access to the KAI Scheduler to retrieve sensitive information without proper authorization.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an exposed NVIDIA KAI Scheduler instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting an API endpoint lacking authentication (CWE-306).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the request to the KAI Scheduler.\u003c/li\u003e\n\u003cli\u003eDue to the missing authentication check, the KAI Scheduler processes the request without verifying the attacker\u0026rsquo;s identity.\u003c/li\u003e\n\u003cli\u003eThe KAI Scheduler returns sensitive information to the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the disclosed information for further exploitation.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the disclosed information to access other systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24177 enables an attacker to bypass authentication and access sensitive information managed by the NVIDIA KAI Scheduler. The type of information exposed depends on the specific API endpoint accessed, and could include configuration data, user credentials, or internal system details. The NIST advisory assigns a CVSS v3.1 base score of 7.7 (HIGH), highlighting the significant risk of information disclosure.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to NVIDIA KAI Scheduler API endpoints (webserver category, product linux/windows).\u003c/li\u003e\n\u003cli\u003eInspect network traffic for unauthorized access to NVIDIA KAI Scheduler API endpoints (network_connection category).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules provided to detect potential exploitation attempts against NVIDIA KAI Scheduler.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-22T12:00:00Z","date_published":"2026-04-22T12:00:00Z","id":"/briefs/2026-04-nvidia-kai-auth-bypass/","summary":"CVE-2026-24177 describes an authentication bypass vulnerability in NVIDIA KAI Scheduler that could allow unauthorized access to API endpoints, leading to information disclosure.","title":"NVIDIA KAI Scheduler Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-nvidia-kai-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24189","out-of-bounds read","nvidia"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eNVIDIA CUDA-Q contains a vulnerability identified as CVE-2026-24189 that allows an unauthenticated attacker to trigger an out-of-bounds read. This vulnerability exists in an unspecified endpoint of the CUDA-Q software. By sending a maliciously crafted request, an attacker can potentially read sensitive information from memory or cause a denial-of-service condition. This vulnerability has a CVSS v3.1 score of 8.2, indicating a high severity. Successful exploitation can lead to both information disclosure and service disruption, impacting the confidentiality and availability of systems running vulnerable versions of CUDA-Q. This is particularly concerning for systems processing sensitive data or providing critical services.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable CUDA-Q endpoint exposed over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request designed to trigger an out-of-bounds read. This likely involves manipulating request parameters to access memory outside of the intended buffer.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious request to the vulnerable CUDA-Q endpoint.\u003c/li\u003e\n\u003cli\u003eThe CUDA-Q software processes the request without proper bounds checking.\u003c/li\u003e\n\u003cli\u003eThe software attempts to read memory outside of the allocated buffer, triggering an out-of-bounds read condition.\u003c/li\u003e\n\u003cli\u003eIf the out-of-bounds read is successful, the attacker gains access to sensitive information stored in memory.\u003c/li\u003e\n\u003cli\u003eThe attacker may cause a denial-of-service condition by triggering a crash or unexpected behavior due to the memory access violation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24189 can lead to a denial of service, rendering the CUDA-Q service unavailable. Additionally, the out-of-bounds read can expose sensitive information stored in memory, potentially leading to further compromise. The severity of the impact depends on the nature of the data accessible via the out-of-bounds read. Sectors relying on CUDA-Q for computationally intensive tasks are at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests targeting CUDA-Q endpoints to detect potential exploitation attempts (category: webserver, product: linux).\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates from NVIDIA to address the CVE-2026-24189 vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule to detect suspicious HTTP requests (rules).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-21T17:16:23Z","date_published":"2026-04-21T17:16:23Z","id":"/briefs/2026-04-cuda-q-oob-read/","summary":"NVIDIA CUDA-Q is vulnerable to an out-of-bounds read via a maliciously crafted request to an endpoint, potentially leading to denial of service and information disclosure as tracked by CVE-2026-24189.","title":"NVIDIA CUDA-Q Out-of-Bounds Read Vulnerability (CVE-2026-24189)","url":"https://feed.craftedsignal.io/briefs/2026-04-cuda-q-oob-read/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-24146"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24146","denial-of-service","nvidia","triton"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eNVIDIA Triton Inference Server is susceptible to a denial-of-service (DoS) vulnerability identified as CVE-2026-24146. This flaw stems from insufficient input validation within the server software. An attacker can exploit this by sending specially crafted requests with a large number of expected outputs to the server. If successful, this causes excessive memory allocation leading to a server crash, rendering the service unavailable to legitimate users. This vulnerability impacts any organization utilizing affected versions of the NVIDIA Triton Inference Server. Publicly available information regarding affected versions is limited, but it is critical that organizations monitor for updates and apply necessary patches promptly.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable NVIDIA Triton Inference Server instance.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request designed to trigger excessive output generation.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the Triton Inference Server via HTTP or gRPC.\u003c/li\u003e\n\u003cli\u003eThe server receives the request and attempts to process it.\u003c/li\u003e\n\u003cli\u003eDue to insufficient input validation, the server allocates an excessive amount of memory.\u003c/li\u003e\n\u003cli\u003eRepeated requests exhaust available memory resources.\u003c/li\u003e\n\u003cli\u003eThe server crashes due to an out-of-memory condition.\u003c/li\u003e\n\u003cli\u003eLegitimate users are unable to access the inference server, resulting in a denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24146 leads to a denial-of-service condition on the NVIDIA Triton Inference Server. This can disrupt AI inference workloads, potentially impacting critical applications that rely on these services. The impact is significant for organizations that depend on the availability of their AI models for real-time decision-making or other operational needs. The specific number of affected organizations is unknown, but any organization using a vulnerable version of the Triton Inference Server is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to a non-vulnerable version of NVIDIA Triton Inference Server as soon as it is available from NVIDIA to remediate CVE-2026-24146.\u003c/li\u003e\n\u003cli\u003eImplement input validation on the server-side to prevent malicious requests with excessive output parameters; this is a general mitigation strategy since specific filters are unavailable.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious Triton Inference Server Requests\u003c/code\u003e to identify potential exploitation attempts targeting the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (category \u003ccode\u003ewebserver\u003c/code\u003e, product \u003ccode\u003elinux\u003c/code\u003e) for unusual request patterns that may indicate exploitation attempts, focusing on cs-uri-query parameters related to output size or count.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T18:16:39Z","date_published":"2026-04-07T18:16:39Z","id":"/briefs/2026-04-nvidia-triton-dos/","summary":"NVIDIA Triton Inference Server is vulnerable to denial of service due to insufficient input validation that, when combined with a large number of outputs, can cause a server crash.","title":"NVIDIA Triton Inference Server Denial-of-Service Vulnerability (CVE-2026-24146)","url":"https://feed.craftedsignal.io/briefs/2026-04-nvidia-triton-dos/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-24156"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24156","deserialization","nvidia","dali"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-24156 describes a deserialization of untrusted data vulnerability within NVIDIA DALI. This vulnerability could allow an attacker to execute arbitrary code on a vulnerable system. According to NVIDIA\u0026rsquo;s advisory, a successful exploit requires local access, a low level of privileges, and user interaction. The CVSS v3.1 score is rated as 7.3 (HIGH). The vulnerability was reported on April 7, 2026. Successful exploitation could allow an attacker to compromise the confidentiality, integrity, and availability of the system. This is a critical vulnerability for systems utilizing NVIDIA DALI, especially those processing external or untrusted data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker gains local access to a system running NVIDIA DALI, possibly through social engineering or physical access.\u003c/li\u003e\n\u003cli\u003eThe attacker prepares a malicious serialized data object designed to exploit the deserialization vulnerability in DALI.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages user interaction to trigger the deserialization process within DALI, potentially through a crafted input file or command-line argument.\u003c/li\u003e\n\u003cli\u003eDuring deserialization, the malicious object executes arbitrary code due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the DALI process, potentially escalating privileges within the application context.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised DALI process to execute commands on the host operating system.\u003c/li\u003e\n\u003cli\u003eThe attacker compromises the system, potentially installing malware, exfiltrating sensitive data, or causing denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24156 can lead to arbitrary code execution on systems running NVIDIA DALI. This could result in complete system compromise, including data theft, system corruption, and denial of service. Given the CVSS score of 7.3, the impact is considered high, as successful exploitation can severely impact confidentiality, integrity, and availability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch or upgrade to the version of NVIDIA DALI that addresses CVE-2026-24156, as described in NVIDIA\u0026rsquo;s advisory.\u003c/li\u003e\n\u003cli\u003eImplement least privilege principles to limit the impact of potential code execution.\u003c/li\u003e\n\u003cli\u003eMonitor systems for suspicious process execution originating from DALI processes to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM and tune for your environment.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-07T18:16:39Z","date_published":"2026-04-07T18:16:39Z","id":"/briefs/2026-04-nvidia-dali-deserialization/","summary":"NVIDIA DALI contains a deserialization of untrusted data vulnerability, identified as CVE-2026-24156, which may lead to arbitrary code execution.","title":"NVIDIA DALI Deserialization Vulnerability (CVE-2026-24156)","url":"https://feed.craftedsignal.io/briefs/2026-04-nvidia-dali-deserialization/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-24164"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve","deserialization","nvidia"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA deserialization of untrusted data vulnerability has been identified in NVIDIA BioNeMo (CVE-2026-24164). This vulnerability allows a malicious actor to potentially inject arbitrary code, trigger a denial-of-service condition, expose sensitive information, or tamper with data within the BioNeMo environment. The vulnerability stems from BioNeMo\u0026rsquo;s processing of serialized data, which, if crafted maliciously, can lead to unintended code execution or system compromise. The reported CVSS v3.1 score is 8.8, indicating a high severity. The vendor, NVIDIA, has acknowledged the vulnerability, but specific exploitation details and affected versions are not available in the provided source.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies an endpoint or functionality within NVIDIA BioNeMo that accepts serialized data as input.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious serialized object designed to exploit the deserialization vulnerability. This object could contain instructions to execute arbitrary code, read sensitive files, or modify application data.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious serialized object to the vulnerable BioNeMo endpoint. This could be done via a web request, API call, or other data submission mechanism.\u003c/li\u003e\n\u003cli\u003eBioNeMo attempts to deserialize the received data.\u003c/li\u003e\n\u003cli\u003eDuring the deserialization process, the malicious object triggers the execution of attacker-controlled code due to the vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the BioNeMo application process or underlying server.\u003c/li\u003e\n\u003cli\u003eThe attacker performs malicious actions such as exfiltrating sensitive data, installing malware, or disrupting services.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves their objective, which could include data breach, system compromise, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24164 can have severe consequences. It could lead to the execution of arbitrary code on the BioNeMo server, allowing attackers to gain unauthorized access and control. Sensitive data processed by BioNeMo could be exposed, leading to a data breach. The vulnerability could also be exploited to cause a denial of service, disrupting BioNeMo\u0026rsquo;s functionality. Data tampering is also a potential consequence, leading to data integrity issues and potentially impacting downstream processes that rely on BioNeMo. The number of potential victims and targeted sectors are unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMonitor web server logs for suspicious POST requests containing serialized data being sent to NVIDIA BioNeMo endpoints, and deploy the Sigma rule \u003ccode\u003eDetect Suspicious BioNeMo Deserialization Attempts\u003c/code\u003e to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eInspect network traffic for unusual data patterns related to serialization protocols and correlate with BioNeMo activity, to aid in identifying potential exploitation attempts targeting CVE-2026-24164.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events on servers hosting NVIDIA BioNeMo for unexpected processes being spawned by the BioNeMo application, using the \u003ccode\u003eDetect BioNeMo Child Process\u003c/code\u003e Sigma rule to catch unexpected child processes.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates released by NVIDIA to address CVE-2026-24164 as soon as they become available. Refer to NVIDIA\u0026rsquo;s security advisory for remediation guidance.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T17:17:41Z","date_published":"2026-03-31T17:17:41Z","id":"/briefs/2026-04-nvidia-bionemo-deserialization/","summary":"NVIDIA BioNeMo is vulnerable to deserialization of untrusted data (CVE-2026-24164), potentially leading to code execution, denial of service, information disclosure, and data tampering.","title":"NVIDIA BioNeMo Deserialization Vulnerability (CVE-2026-24164)","url":"https://feed.craftedsignal.io/briefs/2026-04-nvidia-bionemo-deserialization/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.6,"id":"CVE-2026-24154"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-24154","nvidia","jetson","initrd","command injection","privilege escalation"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-24154 affects NVIDIA Jetson Linux and stems from a flaw within the initrd (initial RAM disk) process.  An unprivileged attacker with physical access to a vulnerable device can inject malicious command-line arguments during the boot process. This injection can subvert the intended system initialization, leading to a variety of severe consequences.  The vulnerability was published on March 31, 2026, and has a CVSS v3.1 score of 7.6. The affected versions of Jetson Linux are not specified in the source.  Successful exploitation allows attackers to execute arbitrary code, escalate privileges, cause denial of service, tamper with data, and disclose sensitive information. Defenders should focus on securing physical access and monitoring boot processes for unauthorized modifications.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains physical access to the NVIDIA Jetson device.\u003c/li\u003e\n\u003cli\u003eAttacker interrupts the boot process to gain access to the bootloader. This may involve pressing specific keys during startup or utilizing hardware tools.\u003c/li\u003e\n\u003cli\u003eAttacker modifies the kernel command line arguments passed to the initrd. This is achieved by manipulating bootloader settings.\u003c/li\u003e\n\u003cli\u003eThe modified command line arguments inject malicious commands or alter the execution path within the initrd environment.\u003c/li\u003e\n\u003cli\u003eDuring initrd execution, the injected commands are processed, leading to code execution within the early boot environment. This bypasses normal user authentication and security measures.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the initial code execution to escalate privileges by exploiting vulnerabilities within the initrd environment or system binaries.\u003c/li\u003e\n\u003cli\u003eWith escalated privileges, the attacker gains control over the system, enabling them to install persistent backdoors, tamper with system configurations, or exfiltrate sensitive data.\u003c/li\u003e\n\u003cli\u003eThe final objective is achieved, which can range from complete system compromise and data theft to denial-of-service attacks.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-24154 can lead to a complete compromise of the NVIDIA Jetson Linux device. The attacker can achieve code execution, escalate privileges, and gain persistent access. This could result in data breaches, system instability, and the deployment of malicious software. While the number of potential victims and specific sectors targeted are not mentioned in the source, the vulnerability affects devices used in various embedded systems, robotics, and edge computing applications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRestrict physical access to NVIDIA Jetson devices to prevent unauthorized manipulation of the boot process.\u003c/li\u003e\n\u003cli\u003eMonitor boot logs and system events for unusual command-line arguments or modifications to the initrd environment. Deploy the Sigma rule \u003ccode\u003eDetect Modified Kernel Command Line\u003c/code\u003e to identify suspicious boot activity.\u003c/li\u003e\n\u003cli\u003eConsider implementing secure boot mechanisms to prevent unauthorized modifications to the bootloader and kernel.\u003c/li\u003e\n\u003cli\u003eInvestigate any unauthorized access attempts or physical tampering with Jetson devices.\u003c/li\u003e\n\u003cli\u003eApply any available patches or updates from NVIDIA to mitigate the vulnerability when they become available via NVIDIA\u0026rsquo;s customer support portal referenced in the advisory.\u003c/li\u003e\n\u003cli\u003eMonitor network connections originating from the device after boot for unexpected or malicious activity, using network connection logs, to identify potential exploitation attempts.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T17:16:30Z","date_published":"2026-03-31T17:16:30Z","id":"/briefs/2026-03-nvidia-jetson-initrd-vuln/","summary":"CVE-2026-24154 is a vulnerability in NVIDIA Jetson Linux where an unprivileged attacker with physical access can inject incorrect command line arguments into initrd, potentially leading to code execution, privilege escalation, denial of service, data tampering, and information disclosure.","title":"NVIDIA Jetson Linux initrd Command Injection Vulnerability (CVE-2026-24154)","url":"https://feed.craftedsignal.io/briefs/2026-03-nvidia-jetson-initrd-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed — Nvidia","version":"https://jsonfeed.org/version/1.1"}