NVIDIA
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any NVIDIA product.
RSS Feeds for NVIDIA security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in NVIDIA products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by NVIDIA Sorted by Most Security Vulnerabilities since 2018
Recent NVIDIA Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 5838 | Security Bulletin: NVIDIA Merlin - May 2026 | May 26, 2026 |
| 5830 | Security Bulletin: NVIDIA Isaac Launchable - May 2026 | May 26, 2026 |
| 5836 | Security Bulletin: NVIDIA TensorRT - May 2026 | May 19, 2026 |
| 5835 | Security Bulletin: NVIDIA DGX Spark - May 2026 | May 19, 2026 |
| 5821 | Security Bulletin: GPU Display Driver - May 2026 | May 19, 2026 |
| 5831 | Security Bulletin: NVIDIA BioNeMo Framework - May 2026 | May 19, 2026 |
| 5805 | Security Bulletin: NVIDIA TensorRT-LLM - May 2026 | May 19, 2026 |
| 5828 | Security Bulletin: NVIDIA Triton Inference Server - May 2026 | May 19, 2026 |
| 5837 | Security Bulletin: NVIDIA NemoClaw - April 2026 | April 28, 2026 |
| 5819 | Security Bulletin: NVIDIA FLARE SDK - April 2026 | April 28, 2026 |
By the Year
In 2026 there have been 95 vulnerabilities in NVIDIA with an average score of 7.4 out of ten. Last year, in 2025 NVIDIA had 174 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in NVIDIA in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.66.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 95 | 7.41 |
| 2025 | 174 | 6.74 |
| 2024 | 34 | 6.81 |
| 2023 | 28 | 6.22 |
| 2022 | 43 | 6.70 |
| 2021 | 75 | 6.54 |
| 2020 | 35 | 6.78 |
| 2019 | 16 | 6.90 |
| 2018 | 7 | 5.50 |
It may take a day or so for new NVIDIA vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NVIDIA Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-24237 | Jun 02, 2026 |
NVTabular Improper Deserialization RCE & Info DisclosureNVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. |
|
| CVE-2026-24221 | Jun 02, 2026 |
NVTabular Untrusted Deserialization Remote Code Execution (CVE-2026-24221)NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure. |
|
| CVE-2025-33221 | May 26, 2026 |
NVIDIA Display Driver Kernel Permission Flaw (CVE-2025-33221)NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service. |
Geforce
Tesla
|
| CVE-2026-24201 | May 26, 2026 |
NVIDIA vGPU Software OOB Access in Virtual GPU Manager (CVE-2026-24201)NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure. |
Virtual Gpu Manager
|
| CVE-2026-24200 | May 26, 2026 |
Use-After-Free in NVIDIA vGPU Virtual GPU Manager leads to DoS & Priv EscalationNVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Virtual Gpu Manager
|
| CVE-2026-24194 | May 26, 2026 |
Privilege Escalation via Improper Permission in NVIDIA Display Driver (Linux)NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Geforce
Tesla
|
| CVE-2026-24191 | May 26, 2026 |
NVIDIA Display Driver Windows TOCTOU Vulnerability (PrivEsc/DoS)NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Geforce
Tesla
Virtual Gpu Manager
And others... |
| CVE-2026-24190 | May 26, 2026 |
GPU Resource Leak in NVIDIA Display Driver Kernel Mode LayerNVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Geforce
Tesla
|
| CVE-2026-24193 | May 26, 2026 |
NVIDIA Display Driver OOB Write Enables PrivEsc & Code ExecNVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Geforce
Tesla
|
| CVE-2026-24196 | May 26, 2026 |
NVIDIA Display Driver for Linux OOB Read/DoSNVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service and information disclosure. |
Geforce
Tesla
|
| CVE-2026-24197 | May 26, 2026 |
NVIDIA Display Driver Linux MIG Init Memory Corruption DoSNVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to data corruption or a hang during partition reconfiguration. A successful exploit of this vulnerability might lead to denial of service. |
Geforce
Tesla
Virtual Gpu Manager
And others... |
| CVE-2026-24199 | May 26, 2026 |
NVIDIA Display Driver Linux Kernel Module Race Condition DoSNVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A successful exploit of this vulnerability might lead to denial of service. |
Geforce
Tesla
Virtual Gpu Manager
And others... |
| CVE-2026-24198 | May 26, 2026 |
NVIDIA GPU Display Driver Race Condition Memory Leak (CVE-2026-24198)NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure. |
Geforce
Tesla
|
| CVE-2026-24182 | May 26, 2026 |
NVIDIA Display Driver Lock Leak Enables DoSNVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial of service. |
Geforce
Tesla
Virtual Gpu Manager
And others... |
| CVE-2026-24195 | May 26, 2026 |
DoS via Improper Input Validation in NVIDIA UVM (Display Driver)NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24192 | May 26, 2026 |
Heap Buffer Overflow via Numeric Type Conversion in NVIDIA Linux Display DriverNVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Geforce
Tesla
Virtual Gpu Manager
And others... |
| CVE-2026-24187 | May 26, 2026 |
UAF in NVIDIA Linux Display Driver Enables Privilege EscalationNVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
Geforce
Tesla
Virtual Gpu Manager
And others... |
| CVE-2026-24162 | May 26, 2026 |
Improp. Deserialization in NVIDIA Transformers4Rec on Linux leads to Code ExecNVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. |
|
| CVE-2026-24212 | May 26, 2026 |
Clear Text Info Leak CVE-2026-24212 NVIDIA Isaac Launchable LinuxNVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. |
|
| CVE-2026-24217 | May 20, 2026 |
Path Traversal in Nvidia BioNeMo Core on Linux Enables Code ExecutionNVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
Nemo
|
| CVE-2026-24216 | May 20, 2026 |
NVIDIA BioNemo: Deserialization Vulnerability Causing RCENVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
Nemo
|
| CVE-2026-24218 | May 20, 2026 |
NVIDIA DGX OS SSH Host Key Duplication VulnerabilityNVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service. |
|
| CVE-2026-24188 | May 20, 2026 |
TensorRT OOB Write Data TamperingNVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering. |
|
| CVE-2026-24163 | May 20, 2026 |
NVIDIA TRT-LLM RPC unsafe deserialization allows code execNVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. |
|
| CVE-2026-24160 | May 20, 2026 |
NVIDIA TRT-LLM Null Deref Denial of Service (CVE-2026-24160)NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service. |
|
| CVE-2026-24142 | May 20, 2026 |
NVIDIA TRT-LLM deserialization vulnerability enabling code execNVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. |
|
| CVE-2025-33255 | May 20, 2026 |
Unsafe Deserialization in NVIDIA TRTLLM MPI Server May Enable Code ExecNVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure. |
|
| CVE-2026-24215 | May 20, 2026 |
NVIDIA Triton Inference Server DALI Uncontrolled Resource DoSNVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24214 | May 20, 2026 |
NVIDIA Triton Inference Server Integer Overflow in DALI BackendNVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service. |
Triton Inference Server
|
| CVE-2026-24213 | May 20, 2026 |
NVIDIA Triton IFS DALI Backend OOB Read VulnerabilityNVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure. |
Triton Inference Server
|
| CVE-2026-24210 | May 20, 2026 |
CVE-2026-24210: NVIDIA Triton Inference Server Integer Overflow Leading to DoSNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24209 | May 20, 2026 |
Path Traversal DOS in NVIDIA Triton Inference ServerNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24208 | May 20, 2026 |
NVIDIA Triton Server Path Traversal (DoS)NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24207 | May 20, 2026 |
Auth Bypass in NVIDIA Triton Inference ServerNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. |
Triton Inference Server
|
| CVE-2026-24206 | May 20, 2026 |
NVIDIA Triton Inference Server Auth Bypass VulnerabilityNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure. |
Triton Inference Server
|
| CVE-2026-24231 | Apr 28, 2026 |
NVIDIA NemoClaw SSRF via validateEndpointUrl() using 0.0.0.0/8NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful exploit of this vulnerability may lead to information disclosure. |
Nemo
|
| CVE-2026-24222 | Apr 28, 2026 |
NVIDIA NeMoClaw Sandbox Env. Init: Prompt Injection Leak of Host VarsNVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure. |
Nemo
|
| CVE-2026-24204 | Apr 28, 2026 |
NVIDIA Flare SDK Improper Input Validation Path Traversal (CVE-2026-24204)NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure. |
|
| CVE-2026-24186 | Apr 28, 2026 |
NVIDIA FLARE SDK FOBS Deserialization CVE-2026-24186NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution. |
|
| CVE-2026-24178 | Apr 28, 2026 |
NVFlare Dashboard Auth Bypass via User-Controlled Key (CVE-2026-24178)NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service. |
|
| CVE-2026-24189 | Apr 21, 2026 |
CUDA-Q Out-of-Bounds Read via Unauth EndpointNVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure. |
|
| CVE-2026-24177 | Apr 21, 2026 |
NVIDIA KAI Scheduler Unauthorized API AccessNVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure. |
|
| CVE-2026-24176 | Apr 21, 2026 |
Improper Auth via CrossNamespace Pod Ref in NVIDIA KAI SchedulerNVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering. |
|
| CVE-2026-24175 | Apr 07, 2026 |
NVIDIA Triton Inference Server Crash via Malformed Header (DoS)NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24174 | Apr 07, 2026 |
NVIDIA Triton: Malformed Request Crash Leads to DoSNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24173 | Apr 07, 2026 |
Denial-of-Service via Malformed Request in NVIDIA Triton Inference ServerNVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24147 | Apr 07, 2026 |
NVIDIA Triton Inference Server: Information Disclosure via Model Config UploadNVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service. |
Triton Inference Server
|
| CVE-2026-24146 | Apr 07, 2026 |
Triton Inference Server: Insufficient Input Validation Leads to DoSNVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service. |
Triton Inference Server
|
| CVE-2026-24156 | Apr 07, 2026 |
NVIDIA DALI Deserialization of Untrusted Data Arbitrary Code ExecutionNVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution. |
|
| CVE-2026-24165 | Mar 31, 2026 |
NVIDIA BioNeMo Untrusted Deserialization CVE-2026-24165NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. |
Nemo
|