These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-24228 is a HIGH severity vulnerability in NVIDIA NeMo Framework for Linux. The vulnerability allows an attacker to cause deserialization of untrusted data, which could lead to code execution, escalation of privileges, data tampering, and information disclosure. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.8.
CVE-2026-24155 is a HIGH severity vulnerability in the NVIDIA NeMo Framework. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. The vulnerability has a CVSS score of 7.8 and was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-24155).
NVIDIA vGPU software contains an out-of-bounds access vulnerability in the virtual GPU manager. The issue is rated MEDIUM severity with a CVSS 3.1 score of 5.8 (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H). A successful exploit could result in data tampering, denial of service, or information disclosure. The vulnerability was published to the NVD on 2026-05-26 and subsequently modified the same day. The root caus [truncated]
A use-after-free vulnerability in NVIDIA vGPU software's virtual GPU manager allows local attackers with low privileges to potentially achieve denial of service, privilege escalation, information disclosure, data tampering, or code execution. The vulnerability stems from improper handling of stack memory in the virtual GPU manager component. With a CVSS 3.1 score of 7.0 (HIGH), this vulnerability requires [truncated]
A race condition vulnerability exists in NVIDIA Display Driver for Linux within a kernel module. The flaw stems from improper memory ordering controls, allowing a local attacker to trigger a denial of service condition by manipulating compiler or processor memory instruction ordering. The attack requires local access with low privileges, and successful exploitation results in system availability impact wi [truncated]
A race condition vulnerability in NVIDIA GPU Display Driver for Linux allows an advanced attacker with high privileges to leak sensitive memory. The flaw could result in limited information disclosure, denial of service, or data tampering. The CVSS 3.1 score of 5.6 (MEDIUM) reflects local attack vector, low attack complexity, high privileges required, and high availability impact with limited confidential [truncated]
A vulnerability in NVIDIA Display Driver for Linux affects Multi-Instance GPU (MIG) partition management. The issue stems from insecure default initialization of memory subsystem routing resources during partition reconfiguration, which could result in data corruption or system hang. Successful exploitation may lead to denial of service. The vulnerability is classified as CWE-1188 (Insecure Default Initia [truncated]
A high-severity vulnerability in NVIDIA Display Driver for Linux allows local attackers to trigger out-of-bounds reads, potentially causing denial of service and information disclosure. The vulnerability requires local access with low privileges and no user interaction, making it exploitable by authenticated users on affected systems. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) indicates hig [truncated]
A vulnerability in NVIDIA Display Driver for Linux's Unified Virtual Memory (UVM) component allows improper input validation, potentially leading to denial of service. The CVSS 3.1 score of 7.1 (HIGH) reflects local attack vector with low attack complexity, no privileges required, no user interaction, and changed scope, with high availability impact. The vulnerability is classified under CWE-20 (Improper [truncated]
A vulnerability in NVIDIA Display Driver for Linux allows local attackers to exploit improper permission handling in a kernel mode layer handler. The flaw, published 2026-05-26, carries a CVSS 3.1 score of 7.8 (HIGH) with a vector of AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Successful exploitation could result in denial of service, privilege escalation, information disclosure, data tampering, and code executi [truncated]
NVIDIA Display Driver for Windows and Linux contains an out-of-bounds write vulnerability (CWE-787) with a CVSS 3.1 score of 7.8 (HIGH). The vulnerability was published to the NVD on 2026-05-26 and is currently undergoing analysis. A successful exploit could result in denial of service, privilege escalation, information disclosure, data tampering, or code execution. The attack vector is local (AV:L) with [truncated]
A heap buffer overflow vulnerability in NVIDIA Display Driver for Linux, caused by incorrect numeric type conversion, exposes affected systems to multiple high-impact attack vectors including privilege escalation and code execution. The vulnerability carries a CVSS 3.1 score of 7.8 (HIGH severity) with a local attack vector requiring low privileges but no user interaction. Published by NVIDIA PSIRT on 202 [truncated]
A time-of-check time-of-use (TOCTOU) vulnerability exists in NVIDIA Display Driver for Windows. The flaw stems from a race condition between when a resource is checked and when it is used, allowing an attacker to manipulate the resource state between these two operations. Successful exploitation could result in denial of service, privilege escalation, information disclosure, data tampering, or code execut [truncated]
NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
A use-after-free vulnerability in NVIDIA Display Driver for Linux permits local attackers to trigger memory corruption. The flaw is reachable with low attack complexity from a low-privileged local context, and successful exploitation may result in denial of service, privilege escalation, information disclosure, data tampering, or code execution. The vulnerability is classified as CWE-416 (Use After Free) [truncated]
A vulnerability in NVIDIA Display Driver for Windows and Linux allows an attacker with local access to leak held driver locks, potentially causing denial of service. The issue stems from improper lock handling (CWE-667) and carries a CVSS 3.1 score of 6.5 (Medium severity). The attack requires low complexity and local access with low privileges, but no user interaction. The vulnerability was published to [truncated]
CVE-2025-33221 is a medium-severity vulnerability in NVIDIA Display Driver for Windows and Linux, affecting the kernel driver component. The vulnerability involves incorrect permission assignment for a critical resource (CWE-20), which could allow an authenticated local attacker with high privileges to cause data tampering and denial of service. The CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) in [truncated]
NVIDIA Isaac Launchable for Linux transmits sensitive information in clear text, creating exposure to interception and subsequent exploitation. The vulnerability carries a HIGH severity CVSS 3.1 score of 7.5 with an attack vector of adjacent network (AV:A), high attack complexity (AC:H), and no required privileges or user interaction. Successful exploitation may result in code execution, privilege escalat [truncated]
CVE-2026-24162 is a HIGH severity vulnerability (CVSS 7.8) in NVIDIA Transformers4Rec for Linux, published on 2026-05-26. The vulnerability stems from improper deserialization of untrusted data (CWE-502), which could allow an attacker to achieve code execution, data tampering, and information disclosure. The attack vector is local (AV:L), requires low attack complexity (AC:L), no privileges (PR:N), and us [truncated]
CVE-2026-24218 describes a provisioning flaw in NVIDIA DGX OS where cloning a base image causes identical SSH host keys to be deployed across multiple systems. Reusing the same host identity across hosts weakens SSH trust and can let an attacker impersonate a machine or position as a man-in-the-middle during administration and automation. The published CVSS 3.1 vector indicates network reachability with h [truncated]
NVIDIA BioNeMo Core for Linux is reported to have a path traversal issue that can be triggered by loading a malicious file. The published severity is high (CVSS 8.8), and the stated impact includes code execution, denial of service, information disclosure, and data tampering. The attack requires user interaction, so the practical risk is highest where untrusted files or datasets are opened in BioNeMo Core workflows.
CVE-2026-24216 is a high-severity deserialization vulnerability affecting NVIDIA BioNemo for Linux. According to the CVE/NVD record, a user could trigger deserialization of untrusted data, which may lead to code execution, denial of service, information disclosure, and data tampering. The published CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates local attack conditions and user interaction are [truncated]
CVE-2026-24188 describes an out-of-bounds write in NVIDIA TensorRT. According to the published CVE record, a successful exploit could lead to data tampering. The CVSS vector indicates network-based, low-complexity exploitation with no privileges or user interaction required, making this a high-priority integrity issue for environments that deploy TensorRT.
On 2026-05-20, NVIDIA disclosed CVE-2026-24215 affecting Triton Inference Server’s DALI backend. The issue is classified as uncontrolled resource consumption (CWE-400) and can lead to denial of service. The published CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H, so the primary impact is availability rather than confidentiality or integrity. NVD’s affected CPE criteria marks nvidia:triton_inferen [truncated]
CVE-2026-24214 is a high-severity vulnerability in NVIDIA Triton Inference Server’s DALI backend. According to the vendor-linked record, an attacker could trigger an integer overflow that may result in code execution, data tampering, or denial of service. The NVD record maps the issue to CWE-190 and identifies affected Triton Inference Server versions before 26.03.
CVE-2026-24213 is a high-severity vulnerability in NVIDIA Triton Inference Server’s DALI backend. According to the official records, an attacker could trigger an out-of-bounds read, and successful exploitation might result in code execution, data tampering, denial of service, or information disclosure. The NVD record marks Triton Inference Server versions before 26.03 as affected.
Published on 2026-05-20, CVE-2026-24210 describes an integer overflow in NVIDIA Triton Inference Server that can be exploited remotely to cause denial of service. The issue is rated CVSS 7.5 (HIGH) with network attack vector, no privileges required, and no user interaction needed. According to the official records, affected Triton Inference Server versions are those before 26.03.
CVE-2026-24209 is a network-reachable path traversal issue in NVIDIA Triton Inference Server. According to the vendor and NVD records, a successful exploit could lead to denial of service. The issue was published on 2026-05-20 and is mapped to CWE-22, with an availability-only impact profile.
CVE-2026-24208 is a medium-severity path traversal vulnerability in NVIDIA Triton Inference Server. According to official records, a successful network-based attack with no privileges and no user interaction could result in denial of service. The NVD record maps the issue to CWE-22 and lists affected Triton Inference Server versions before 26.03.
According to the supplied official NVD and NVIDIA PSIRT metadata, CVE-2026-24207 is a critical authentication-bypass issue in NVIDIA Triton Inference Server. The supplied CVSS vector indicates a network-reachable, unauthenticated attack path with no user interaction and high impact to confidentiality, integrity, and availability (9.8). The vulnerable CPE evidence in the corpus points to Triton Inference S [truncated]
CVE-2026-24206 is a high-severity authentication-bypass vulnerability in NVIDIA Triton Inference Server. NVD rates it 7.3 with a network attack vector, low complexity, and no privileges or user interaction required (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). NVIDIA identifies CWE-288, and the affected range in the NVD record is Triton Inference Server versions before 26.03. In practical terms, an expo [truncated]
CVE-2026-24163 is a HIGH-severity NVIDIA TensorRT-LLM issue caused by unsafe deserialization in RPC testing. The published NVD data ties the flaw to CWE-502 and indicates vulnerable TensorRT-LLM versions ending before 1.2. If exploited, the impact can include code execution, denial of service, data tampering, and information disclosure.
CVE-2026-24160 is a medium-severity vulnerability in NVIDIA TRT-LLM for any platform. An attacker could trigger an unchecked return value that leads to a null pointer dereference, which may cause denial of service. The supplied NVD data maps affected versions to NVIDIA TRT-LLM releases before 1.2.
CVE-2026-24142 is a medium-severity NVIDIA TensorRT-LLM vulnerability involving unsafe deserialization and an unsafe serialized handle. According to the supplied NVD record, a successful exploit may lead to code execution, data tampering, and information disclosure. The issue is scoped to TensorRT-LLM versions prior to 1.2 in the provided CPE criteria and is rated CVSS 6.3.
CVE-2025-33255 describes an unsafe deserialization weakness in the MPI server component of NVIDIA TRT-LLM. NVIDIA’s advisory and the NVD record identify the issue as CWE-502 and mark TRT-LLM versions before 1.2 as vulnerable. The published CVSS v3.1 score is 7.5 (HIGH), with potential impact including code execution, denial of service, data tampering, and information disclosure.
CVE-2025-33239 is a high-severity vulnerability in NVIDIA Megatron Bridge, a component of the NVIDIA Nemo Megatron Bridge product. The vulnerability is caused by a code injection issue in a data merging tutorial, which could allow an attacker to execute arbitrary code, escalate privileges, disclose information, and tamper with data. The Common Vulnerability Scoring System (CVSS) score for this vulnerabili [truncated]