NVIDIA NVIDIA

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any NVIDIA product.

RSS Feeds for NVIDIA security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in NVIDIA products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by NVIDIA Sorted by Most Security Vulnerabilities since 2018

NVIDIA Gpu Display Driver78 vulnerabilities

NVIDIA Triton Inference Server50 vulnerabilities

NVIDIA Virtual Gpu Manager46 vulnerabilities

NVIDIA Cuda Toolkit44 vulnerabilities

NVIDIA Nemo32 vulnerabilities

NVIDIA Geforce26 vulnerabilities

NVIDIA Tesla25 vulnerabilities

NVIDIA Jetson22 vulnerabilities

NVIDIA Geforce Experience18 vulnerabilities

NVIDIA Megatron Lm11 vulnerabilities

NVIDIA Gpu Driver7 vulnerabilities

NVIDIA Cumulus Linux3 vulnerabilities

NVIDIA Mlnx Os3 vulnerabilities

NVIDIA Onyx3 vulnerabilities

NVIDIA Aistore3 vulnerabilities

NVIDIA Bluefield1 vulnerability

Nvidia Gpu Operator1 vulnerability

NVIDIA Quadro1 vulnerability

NVIDIA Runai1 vulnerability

NVIDIA Skyway1 vulnerability

NVIDIA Studio1 vulnerability

NVIDIA Titan V Firmware1 vulnerability

NVIDIA Connectx1 vulnerability

NVIDIA Cv Cuda1 vulnerability

NVIDIA Igx1 vulnerability

NVIDIA Isaac Lab1 vulnerability

NVIDIA Jetson Linux1 vulnerability

Nvidia Container Toolkit1 vulnerability

NVIDIA Mellanox Os1 vulnerability

NVIDIA Metrox 21 vulnerability

NVIDIA Metrox 3 Xc1 vulnerability

NVIDIA Nsight Graphics1 vulnerability

NVIDIA Nvapp1 vulnerability

NVIDIA Nvdebug Tool1 vulnerability

Nvidia App1 vulnerability

Recent NVIDIA Security Advisories

Advisory Title Published
5838 Security Bulletin: NVIDIA Merlin - May 2026 May 26, 2026
5830 Security Bulletin: NVIDIA Isaac Launchable - May 2026 May 26, 2026
5836 Security Bulletin: NVIDIA TensorRT - May 2026 May 19, 2026
5835 Security Bulletin: NVIDIA DGX Spark - May 2026 May 19, 2026
5821 Security Bulletin: GPU Display Driver - May 2026 May 19, 2026
5831 Security Bulletin: NVIDIA BioNeMo Framework - May 2026 May 19, 2026
5805 Security Bulletin: NVIDIA TensorRT-LLM - May 2026 May 19, 2026
5828 Security Bulletin: NVIDIA Triton Inference Server - May 2026 May 19, 2026
5837 Security Bulletin: NVIDIA NemoClaw - April 2026 April 28, 2026
5819 Security Bulletin: NVIDIA FLARE SDK - April 2026 April 28, 2026

By the Year

In 2026 there have been 116 vulnerabilities in NVIDIA with an average score of 7.5 out of ten. Last year, in 2025 NVIDIA had 174 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in NVIDIA in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.75.




Year Vulnerabilities Average Score
2026 116 7.50
2025 174 6.74
2024 34 6.81
2023 28 6.22
2022 43 6.70
2021 75 6.54
2020 35 6.78
2019 16 6.90
2018 7 5.50

It may take a day or so for new NVIDIA vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NVIDIA Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-24270 Jul 01, 2026
NVIDIA AIStore Auth Bypass CVE-2026-24270 NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
Aistore
CVE-2026-24266 Jul 01, 2026
UAF in NVIDIA Triton Inference Server (Linux) NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
Triton Inference Server
CVE-2026-24264 Jul 01, 2026
NVIDIA Triton Inference Server DoS via High Compression Exploit NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
Triton Inference Server
CVE-2026-24251 Jul 01, 2026
Code Execution via Improper Resource Control in NVIDIA Megatron Bridge on Linux NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24250 Jul 01, 2026
NVIDIA Megatron Bridge for Linux: Improper Input Validation Leading to Code Execution NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24249 Jul 01, 2026
NVIDIA Megatron Bridge Deserialization Flaw CVE-2026-24249 NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24248 Jul 01, 2026
Improper Code Generation in NVIDIA Megatron Bridge for Linux NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24247 Jul 01, 2026
Deserialization Flaw in NVIDIA Megatron Bridge (Linux) NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24246 Jul 01, 2026
NVIDIA Megatron Bridge for Linux: Improper Control of Dynamically Managed Code NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper control of dynamically managed code resources. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24245 Jul 01, 2026
Untrusted Deserialization in NVIDIA Megatron Bridge for Linux Enables RCE NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24244 Jul 01, 2026
NVIDIA Megatron Bridge Linux Untrusted Deserialization RCE CVE-2026-24244 NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24243 Jul 01, 2026
Deserialization in NVIDIA Megatron Bridge for Linux may lead to code execution NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2026-24242 Jul 01, 2026
CVE-2026-24242 NVIDIA Megatron Bridge SSRF Info Disclosure NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2026-24240 Jul 01, 2026
Deserialization Vulnerability in NVIDIA Megatron Bridge for Linux Enables RCE NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
CVE-2025-23351 Jul 01, 2026
OOB Write via VF Request in NVIDIA ConnectX/BlueField Command Interface NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
CVE-2025-23350 Jul 01, 2026
NVIDIA ConnectX/BlueField VF OOB Write Arbitrary Execution NVIDIA ConnectX and BlueField contain a vulnerability in the command interface where a local user with virtual function (VF) access may cause a write out of bounds by crafted input. A successful exploit of this vulnerability may lead to arbitrary code execution on the device.
CVE-2026-24260 Jul 01, 2026
NVIDIA Container Toolkit Linux TC-TOU Race Enables Escalation & Data Tampering NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
CVE-2026-24228 Jun 16, 2026
NVIDIA NeMo Framework Deserialization Flaw Enables Remote Code Exec NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure.
Nemo
CVE-2026-24155 Jun 16, 2026
NVIDIA NeMo Framework Code Injection Vulnerability NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Nemo
CVE-2026-24180 Jun 09, 2026
Heap overflow in NVIDIA DALI may allow code execution NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
CVE-2026-24181 Jun 09, 2026
CVE-2026-24181: NVIDIA DALI Improper IDX Validation Exploitable for RCE NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
CVE-2026-24237 Jun 02, 2026
NVTabular Improper Deserialization RCE & Info Disclosure NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
CVE-2026-24221 Jun 02, 2026
NVTabular Untrusted Deserialization Remote Code Execution (CVE-2026-24221) NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure.
CVE-2025-33221 May 26, 2026
NVIDIA Display Driver Kernel Permission Flaw (CVE-2025-33221) NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service.
Geforce
Tesla
CVE-2026-24201 May 26, 2026
NVIDIA vGPU Software OOB Access in Virtual GPU Manager (CVE-2026-24201) NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure.
Virtual Gpu Manager
CVE-2026-24200 May 26, 2026
Use-After-Free in NVIDIA vGPU Virtual GPU Manager leads to DoS & Priv Escalation NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Virtual Gpu Manager
CVE-2026-24194 May 26, 2026
Privilege Escalation via Improper Permission in NVIDIA Display Driver (Linux) NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Geforce
Tesla
CVE-2026-24191 May 26, 2026
NVIDIA Display Driver Windows TOCTOU Vulnerability (PrivEsc/DoS) NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2026-24190 May 26, 2026
GPU Resource Leak in NVIDIA Display Driver Kernel Mode Layer NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Geforce
Tesla
CVE-2026-24193 May 26, 2026
NVIDIA Display Driver OOB Write Enables PrivEsc & Code Exec NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Geforce
Tesla
CVE-2026-24196 May 26, 2026
NVIDIA Display Driver for Linux OOB Read/DoS NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Geforce
Tesla
CVE-2026-24197 May 26, 2026
NVIDIA Display Driver Linux MIG Init Memory Corruption DoS NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2026-24199 May 26, 2026
NVIDIA Display Driver Linux Kernel Module Race Condition DoS NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2026-24198 May 26, 2026
NVIDIA GPU Display Driver Race Condition Memory Leak (CVE-2026-24198) NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure.
Geforce
Tesla
CVE-2026-24182 May 26, 2026
NVIDIA Display Driver Lock Leak Enables DoS NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2026-24195 May 26, 2026
DoS via Improper Input Validation in NVIDIA UVM (Display Driver) NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-24192 May 26, 2026
Heap Buffer Overflow via Numeric Type Conversion in NVIDIA Linux Display Driver NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2026-24187 May 26, 2026
UAF in NVIDIA Linux Display Driver Enables Privilege Escalation NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Geforce
Tesla
Virtual Gpu Manager
And others...
CVE-2026-24162 May 26, 2026
Improp. Deserialization in NVIDIA Transformers4Rec on Linux leads to Code Exec NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
CVE-2026-24212 May 26, 2026
Clear Text Info Leak CVE-2026-24212 NVIDIA Isaac Launchable Linux NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
CVE-2026-24217 May 20, 2026
Path Traversal in Nvidia BioNeMo Core on Linux Enables Code Execution NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Nemo
CVE-2026-24216 May 20, 2026
NVIDIA BioNemo: Deserialization Vulnerability Causing RCE NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering.
Nemo
CVE-2026-24218 May 20, 2026
NVIDIA DGX OS SSH Host Key Duplication Vulnerability NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.
CVE-2026-24188 May 20, 2026
TensorRT OOB Write Data Tampering NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
CVE-2026-24163 May 20, 2026
NVIDIA TRT-LLM RPC unsafe deserialization allows code exec NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
CVE-2026-24160 May 20, 2026
NVIDIA TRT-LLM Null Deref Denial of Service (CVE-2026-24160) NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
CVE-2026-24142 May 20, 2026
NVIDIA TRT-LLM deserialization vulnerability enabling code exec NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
CVE-2025-33255 May 20, 2026
Unsafe Deserialization in NVIDIA TRTLLM MPI Server May Enable Code Exec NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
CVE-2026-24215 May 20, 2026
NVIDIA Triton Inference Server DALI Uncontrolled Resource DoS NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
Triton Inference Server
CVE-2026-24214 May 20, 2026
NVIDIA Triton Inference Server Integer Overflow in DALI Backend NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service.
Triton Inference Server
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.