CVE-2026-24176
Received Received - Intake

Improper Authorization in NVIDIA KAI Scheduler Enables Data Tampering

Vulnerability report for CVE-2026-24176, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-21

Last updated on: 2026-04-21

Assigner: NVIDIA Corporation

Description

NVIDIA KAI Scheduler contains a vulnerability where an attacker could cause improper authorization through cross-namespace pod references. A successful exploit of this vulnerability might lead to data tampering.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-21
Last Modified
2026-04-21
Generated
2026-07-06
AI Q&A
2026-04-21
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia kai_scheduler to 0.13.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The vulnerability in NVIDIA KAI Scheduler allows improper authorization through cross-namespace pod references, which could lead to data tampering by unauthorized users.

While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, the potential for unauthorized data modification could pose risks to data integrity requirements under these regulations.

Organizations subject to such regulations should consider this vulnerability as a factor that might impact their ability to maintain proper authorization controls and data integrity, which are critical for compliance.

Executive Summary

CVE-2026-24176 is a vulnerability in the NVIDIA KAI Scheduler that allows an attacker to perform improper authorization via cross-namespace pod references.

This flaw occurs because the system lacks proper authorization controls when accessing pods across different namespaces, which could be exploited by an attacker.

The vulnerability is classified under CWE-863 (Incorrect Authorization) and has a medium severity with a CVSS 3.1 base score of 4.3.

Impact Analysis

A successful exploit of this vulnerability might lead to data tampering, specifically unauthorized modification of data within the system.

The vulnerability does not impact confidentiality or availability but has a low impact on integrity.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-24176 in the NVIDIA KAI Scheduler, users should update to version 0.13.0 or later, where the issue has been addressed.

Alternatively, users can clone the software from the official KAI-Scheduler GitHub repository to obtain the fixed version.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart