PatchSiren cyber security CVE debrief
CVE-2026-24193 NVIDIA CVE debrief
NVIDIA Display Driver for Windows and Linux contains an out-of-bounds write vulnerability (CWE-787) with a CVSS 3.1 score of 7.8 (HIGH). The vulnerability was published to the NVD on 2026-05-26 and is currently undergoing analysis. A successful exploit could result in denial of service, privilege escalation, information disclosure, data tampering, or code execution. The attack vector is local (AV:L) with low attack complexity (AC:L) and low privileges required (PR:L), requiring no user interaction (UI:N). The confidentiality, integrity, and availability impacts are all rated HIGH. NVIDIA has published security guidance via their customer help portal. Organizations using affected NVIDIA Display Driver versions on Windows or Linux should monitor for vendor security updates and apply patches when available.
- Vendor
- NVIDIA
- Product
- GeForce
- CVSS
- HIGH 7.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-26
- Original CVE updated
- 2026-05-26
- Advisory published
- 2026-05-26
- Advisory updated
- 2026-05-26
Who should care
Organizations running NVIDIA Display Driver on Windows or Linux workstations and servers; security teams managing endpoint and server graphics driver deployments; compliance teams tracking high-severity local privilege escalation vulnerabilities.
Technical summary
Out-of-bounds write in NVIDIA Display Driver for Windows and Linux. Local attack vector with low complexity. Successful exploitation may lead to code execution, privilege escalation, denial of service, information disclosure, or data tampering. CVSS 3.1: 7.8 (HIGH).
Defensive priority
high
Recommended defensive actions
- Monitor NVIDIA security advisories for affected driver versions and patch availability
- Apply NVIDIA Display Driver security updates when released by the vendor
- Review systems with NVIDIA Display Driver installed on Windows and Linux for exposure
- Implement principle of least privilege to limit local attack vector exploitation
- Monitor for anomalous activity related to NVIDIA driver processes
Evidence notes
Source references confirm NVIDIA as the vendor and NVIDIA Display Driver as the affected product. CVSS vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H sourced from NVD record. Weakness classification CWE-787 from [email protected].
Official resources
-
CVE-2026-24193 CVE record
CVE.org
-
CVE-2026-24193 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
NVIDIA PSIRT disclosed this vulnerability via NVD on 2026-05-26. The CVE record indicates the vendor is NVIDIA and the affected product is NVIDIA Display Driver for Windows and Linux. The vulnerability is classified as CWE-787 (Out-of-bouns