NVIDIA
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any NVIDIA product.
RSS Feeds for NVIDIA security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in NVIDIA products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by NVIDIA Sorted by Most Security Vulnerabilities since 2018
Recent NVIDIA Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 5838 | Security Bulletin: NVIDIA Merlin - May 2026 | May 26, 2026 |
| 5830 | Security Bulletin: NVIDIA Isaac Launchable - May 2026 | May 26, 2026 |
| 5836 | Security Bulletin: NVIDIA TensorRT - May 2026 | May 19, 2026 |
| 5835 | Security Bulletin: NVIDIA DGX Spark - May 2026 | May 19, 2026 |
| 5821 | Security Bulletin: GPU Display Driver - May 2026 | May 19, 2026 |
| 5831 | Security Bulletin: NVIDIA BioNeMo Framework - May 2026 | May 19, 2026 |
| 5805 | Security Bulletin: NVIDIA TensorRT-LLM - May 2026 | May 19, 2026 |
| 5828 | Security Bulletin: NVIDIA Triton Inference Server - May 2026 | May 19, 2026 |
| 5837 | Security Bulletin: NVIDIA NemoClaw - April 2026 | April 28, 2026 |
| 5819 | Security Bulletin: NVIDIA FLARE SDK - April 2026 | April 28, 2026 |
By the Year
In 2026 there have been 116 vulnerabilities in NVIDIA with an average score of 7.5 out of ten. Last year, in 2025 NVIDIA had 174 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in NVIDIA in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.75.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 116 | 7.50 |
| 2025 | 174 | 6.74 |
| 2024 | 34 | 6.81 |
| 2023 | 28 | 6.22 |
| 2022 | 43 | 6.70 |
| 2021 | 75 | 6.54 |
| 2020 | 35 | 6.78 |
| 2019 | 16 | 6.90 |
| 2018 | 7 | 5.50 |
It may take a day or so for new NVIDIA vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NVIDIA Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-24270 | Jul 01, 2026 |
NVIDIA AIStore Auth Bypass CVE-2026-24270NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering. |
|
| CVE-2026-24266 | Jul 01, 2026 |
UAF in NVIDIA Triton Inference Server (Linux)NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24264 | Jul 01, 2026 |
NVIDIA Triton Inference Server DoS via High Compression ExploitNVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24251 | Jul 01, 2026 |
Code Execution via Improper Resource Control in NVIDIA Megatron Bridge on LinuxNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24250 | Jul 01, 2026 |
NVIDIA Megatron Bridge for Linux: Improper Input Validation Leading to Code ExecutionNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24249 | Jul 01, 2026 |
NVIDIA Megatron Bridge Deserialization Flaw CVE-2026-24249NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24248 | Jul 01, 2026 |
Improper Code Generation in NVIDIA Megatron Bridge for LinuxNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24247 | Jul 01, 2026 |
Deserialization Flaw in NVIDIA Megatron Bridge (Linux)NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24246 | Jul 01, 2026 |
NVIDIA Megatron Bridge for Linux: Improper Control of Dynamically Managed CodeNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24245 | Jul 01, 2026 |
Untrusted Deserialization in NVIDIA Megatron Bridge for Linux Enables RCENVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24244 | Jul 01, 2026 |
NVIDIA Megatron Bridge Linux Untrusted Deserialization RCE CVE-2026-24244NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24243 | Jul 01, 2026 |
Deserialization in NVIDIA Megatron Bridge for Linux may lead to code executionNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24242 | Jul 01, 2026 |
CVE-2026-24242 NVIDIA Megatron Bridge SSRF Info DisclosureNVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure. |
|
| CVE-2026-24240 | Jul 01, 2026 |
Deserialization Vulnerability in NVIDIA Megatron Bridge for Linux Enables RCENVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2025-23351 | Jul 01, 2026 |
OOB Write via VF Request in NVIDIA ConnectX/BlueField Command InterfaceNVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. |
|
| CVE-2025-23350 | Jul 01, 2026 |
NVIDIA ConnectX/BlueField VF OOB Write Arbitrary ExecutionNVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device. |
|
| CVE-2026-24260 | Jul 01, 2026 |
NVIDIA Container Toolkit Linux TC-TOU Race Enables Escalation & Data TamperingNVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering. |
|
| CVE-2026-24228 | Jun 16, 2026 |
NVIDIA NeMo Framework Deserialization Flaw Enables Remote Code ExecNVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure. |
|
| CVE-2026-24155 | Jun 16, 2026 |
NVIDIA NeMo Framework Code Injection VulnerabilityNVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
|
| CVE-2026-24180 | Jun 09, 2026 |
Heap overflow in NVIDIA DALI may allow code executionNVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. |
|
| CVE-2026-24181 | Jun 09, 2026 |
CVE-2026-24181: NVIDIA DALI Improper IDX Validation Exploitable for RCENVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure. |
|
| CVE-2026-24237 | Jun 02, 2026 |
NVTabular Improper Deserialization RCE & Info DisclosureNVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. |
|
| CVE-2026-24221 | Jun 02, 2026 |
NVTabular Untrusted Deserialization Remote Code Execution (CVE-2026-24221)NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure. |
|
| CVE-2025-33221 | May 26, 2026 |
NVIDIA Display Driver Kernel Permission Flaw (CVE-2025-33221)NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service. |
|
| CVE-2026-24201 | May 26, 2026 |
NVIDIA vGPU Software OOB Access in Virtual GPU Manager (CVE-2026-24201)NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure. |
|
| CVE-2026-24200 | May 26, 2026 |
Use-After-Free in NVIDIA vGPU Virtual GPU Manager leads to DoS & Priv EscalationNVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
|
| CVE-2026-24194 | May 26, 2026 |
Privilege Escalation via Improper Permission in NVIDIA Display Driver (Linux)NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
|
| CVE-2026-24191 | May 26, 2026 |
NVIDIA Display Driver Windows TOCTOU Vulnerability (PrivEsc/DoS)NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
And others... |
| CVE-2026-24190 | May 26, 2026 |
GPU Resource Leak in NVIDIA Display Driver Kernel Mode LayerNVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
|
| CVE-2026-24193 | May 26, 2026 |
NVIDIA Display Driver OOB Write Enables PrivEsc & Code ExecNVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
|
| CVE-2026-24196 | May 26, 2026 |
NVIDIA Display Driver for Linux OOB Read/DoSNVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure. |
|
| CVE-2026-24197 | May 26, 2026 |
NVIDIA Display Driver Linux MIG Init Memory Corruption DoSNVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service. |
And others... |
| CVE-2026-24199 | May 26, 2026 |
NVIDIA Display Driver Linux Kernel Module Race Condition DoSNVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service. |
And others... |
| CVE-2026-24198 | May 26, 2026 |
NVIDIA GPU Display Driver Race Condition Memory Leak (CVE-2026-24198)NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure. |
|
| CVE-2026-24182 | May 26, 2026 |
NVIDIA Display Driver Lock Leak Enables DoSNVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service. |
And others... |
| CVE-2026-24195 | May 26, 2026 |
DoS via Improper Input Validation in NVIDIA UVM (Display Driver)NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24192 | May 26, 2026 |
Heap Buffer Overflow via Numeric Type Conversion in NVIDIA Linux Display DriverNVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
And others... |
| CVE-2026-24187 | May 26, 2026 |
UAF in NVIDIA Linux Display Driver Enables Privilege EscalationNVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
And others... |
| CVE-2026-24162 | May 26, 2026 |
Improp. Deserialization in NVIDIA Transformers4Rec on Linux leads to Code ExecNVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. |
|
| CVE-2026-24212 | May 26, 2026 |
Clear Text Info Leak CVE-2026-24212 NVIDIA Isaac Launchable LinuxNVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
|
| CVE-2026-24217 | May 20, 2026 |
Path Traversal in Nvidia BioNeMo Core on Linux Enables Code ExecutionNVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
|
| CVE-2026-24216 | May 20, 2026 |
NVIDIA BioNemo: Deserialization Vulnerability Causing RCENVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
|
| CVE-2026-24218 | May 20, 2026 |
NVIDIA DGX OS SSH Host Key Duplication VulnerabilityNVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service. |
|
| CVE-2026-24188 | May 20, 2026 |
TensorRT OOB Write Data TamperingNVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering. |
|
| CVE-2026-24163 | May 20, 2026 |
NVIDIA TRT-LLM RPC unsafe deserialization allows code execNVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. |
|
| CVE-2026-24160 | May 20, 2026 |
NVIDIA TRT-LLM Null Deref Denial of Service (CVE-2026-24160)NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24142 | May 20, 2026 |
NVIDIA TRT-LLM deserialization vulnerability enabling code execNVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. |
|
| CVE-2025-33255 | May 20, 2026 |
Unsafe Deserialization in NVIDIA TRTLLM MPI Server May Enable Code ExecNVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. |
|
| CVE-2026-24215 | May 20, 2026 |
NVIDIA Triton Inference Server DALI Uncontrolled Resource DoSNVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24214 | May 20, 2026 |
NVIDIA Triton Inference Server Integer Overflow in DALI BackendNVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service. |
|