Vulnerability Description
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://nvd.nist.gov/vuln/detail/CVE-2026-24218
- https://nvidia.custhelp.com/app/answers/detail/a_id/5835
- https://www.cve.org/CVERecord?id=CVE-2026-24218
FAQ
What is CVE-2026-24218?
CVE-2026-24218 is a vulnerability with a CVSS score of 8.1 (HIGH). NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cry...
How severe is CVE-2026-24218?
CVE-2026-24218 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-24218?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.