Vulnerability Details CVE-2026-24218
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.3%
CVSS Severity
CVSS v3 Score 8.1
References