CVE-2026-24176 PUBLISHED

Assigner: nvidia
Reserved: 21.01.2026 Published: 21.04.2026 Updated: 21.04.2026

NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	NVIDIA
Product	KAI Scheduler
Versions	Default: unaffected Version All versions prior to 0.13.0 is affected

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24176
https://www.cve.org/CVERecord?id=CVE-2026-24176
https://nvidia.custhelp.com/app/answers/detail/a_id/5818

Problem Types

CWE-863 Incorrect Authorization CWE

Impacts

Data Tampering