CVE-2026-24218
Possible ATT&CK Techniques 3AI
T1078.001 · Default Accounts T1190 · Exploit Public-Facing Application T1557.001 · Name Resolution Poisoning and SMB RelayGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-24218
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的密码学密钥
Source: NVD (National Vulnerability Database)
Vulnerability Title
NVIDIA DGX OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NVIDIA DGX OS是美国英伟达(NVIDIA)公司的一个面向DGX AI服务器平台的Linux操作系统与集群管理环境。 NVIDIA DGX OS存在安全漏洞,该漏洞源于工厂配置过程中克隆基础镜像导致SSH主机密钥相同,可能导致主机冒充或中间人攻击,进而导致代码执行、数据篡改、权限提升、信息泄露和拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-24218
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-24218
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-24218 (2)
Same Patch Batch · NVIDIA · 2026-05-20 · 16 CVEs total
| CVE-2026-24207 | 9.8 CRITICAL | NVIDIA Triton Inference Server 安全漏洞 |
| CVE-2026-24217 | 8.8 HIGH | NVIDIA BioNeMo Core 安全漏洞 |
| CVE-2026-24188 | 8.2 HIGH | NVIDIA TensorRT 缓冲区错误漏洞 |
| CVE-2026-24214 | 8.0 HIGH | NVIDIA Triton Inference Server 输入验证错误漏洞 |
| CVE-2026-24213 | 8.0 HIGH | NVIDIA Triton Inference Server 缓冲区错误漏洞 |
| CVE-2026-24216 | 7.8 HIGH | NVIDIA BioNeMo 代码问题漏洞 |
| CVE-2026-24163 | 7.5 HIGH | NVIDIA TRT-LLM 代码问题漏洞 |
| CVE-2025-33255 | 7.5 HIGH | NVIDIA TRT-LLM 代码问题漏洞 |
| CVE-2026-24210 | 7.5 HIGH | NVIDIA Triton Inference Server 输入验证错误漏洞 |
| CVE-2026-24209 | 7.5 HIGH | NVIDIA Triton Inference Server 路径遍历漏洞 |
| CVE-2026-24206 | 7.3 HIGH | NVIDIA Triton Inference Server 安全漏洞 |
| CVE-2026-24142 | 6.3 MEDIUM | NVIDIA TRT-LLM 代码问题漏洞 |
| CVE-2026-24215 | 5.7 MEDIUM | NVIDIA Triton Inference Server 资源管理错误漏洞 |
| CVE-2026-24160 | 5.5 MEDIUM | NVIDIA TRT-LLM 安全漏洞 |
| CVE-2026-24208 | 5.3 MEDIUM | NVIDIA Triton Inference Server 路径遍历漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-24218
No comments yet