Executive Summary

CVE-2026-24176 is a vulnerability in the NVIDIA KAI Scheduler that allows an attacker to perform improper authorization via cross-namespace pod references.

This flaw occurs because the system lacks proper authorization controls when accessing pods across different namespaces, which could be exploited by an attacker.

The vulnerability is classified under CWE-863 (Incorrect Authorization) and has a medium severity with a CVSS 3.1 base score of 4.3.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in NVIDIA KAI Scheduler allows improper authorization through cross-namespace pod references, which could lead to data tampering by unauthorized users.

While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, the potential for unauthorized data modification could pose risks to data integrity requirements under these regulations.

Organizations subject to such regulations should consider this vulnerability as a factor that might impact their ability to maintain proper authorization controls and data integrity, which are critical for compliance.

Useful 0 Not Useful 0

Impact Analysis

A successful exploit of this vulnerability might lead to data tampering, specifically unauthorized modification of data within the system.

The vulnerability does not impact confidentiality or availability but has a low impact on integrity.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the vulnerability CVE-2026-24176 in the NVIDIA KAI Scheduler, users should update to version 0.13.0 or later, where the issue has been addressed.

Alternatively, users can clone the software from the official KAI-Scheduler GitHub repository to obtain the fixed version.

Useful 0 Not Useful 0