NVIDIA has released a series of software updates to address high-severity vulnerabilities in its KAI Scheduler and CUDA-Q platforms. The vulnerabilities range from unauthorized API access to memory corruption flaws, potentially leading to information disclosure, data tampering, and system-wide denial of service.
Two distinct vulnerabilities have been identified in the NVIDIA KAI Scheduler, impacting all versions prior to 0.13.0.
- CVE-2026-24177 (CVSS 7.7): A high-severity flaw where API endpoints lack sufficient authorization. A successful exploit allows an attacker to access sensitive endpoints, leading directly to information disclosure.
- CVE-2026-24176 (CVSS 4.3): A medium-severity vulnerability involving improper authorization through cross-namespace pod references. This flaw could allow an attacker to cause data tampering within the scheduler’s environment.
NVIDIA urges users to update to KAI Scheduler v0.13.0 or later by cloning the latest code from the official GitHub repository.
The company has also patched a significant vulnerability in CUDA-Q impacting all versions prior to 0.14.0. This high-severity vulnerability, tracked as CVE-2026-24189 (CVSS 8.2), involves an out-of-bounds read (CWE-125) in a specific endpoint. An unauthenticated attacker can send a maliciously crafted request to trigger the flaw.
Successful exploitation can lead to both information disclosure and a denial of service (DoS) condition, potentially crashing critical GPU-accelerated workloads.
To protect your systems, NVIDIA recommends updating to CUDA-Q v0.14.0 or later, available on the CUDA-Q GitHub page.