CVE-2026-24177
Unauthorized Access Vulnerability in NVIDIA KAI Scheduler APIs
Publication date: 2026-04-21
Last updated on: 2026-04-21
Assigner: NVIDIA Corporation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | kai_scheduler | up to 0.13.0 (exclusive) |
| nvidia | kai_scheduler | 0.13.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24177 is a vulnerability in the NVIDIA KAI Scheduler where an attacker can access API endpoints without proper authorization.
This flaw is classified as CWE-306, which means "Missing Authentication for Critical Function."
Exploiting this vulnerability can lead to information disclosure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in NVIDIA KAI Scheduler allows unauthorized access to API endpoints, potentially leading to information disclosure. Such unauthorized information disclosure can impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and prevent unauthorized access.
However, the provided context and resources do not explicitly discuss the direct impact of this vulnerability on compliance with specific standards or regulations.
How can this vulnerability impact me?
A successful exploit of this vulnerability allows an attacker to remotely access API endpoints without authorization.
This can result in the disclosure of sensitive or confidential information.
The vulnerability has a high severity score (CVSS 3.1 base score of 7.7), indicating a significant risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unauthorized access to API endpoints in the NVIDIA KAI Scheduler. Detection would involve monitoring network traffic for unauthorized API access attempts or scanning the system for exposed API endpoints that do not require proper authentication.
Specific commands are not provided in the available resources. However, general approaches might include using network monitoring tools like tcpdump or Wireshark to capture suspicious API calls, or using curl or similar HTTP clients to test access to API endpoints without authentication.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting network access to the NVIDIA KAI Scheduler API endpoints to trusted users only, implementing proper authentication mechanisms if not already in place, and monitoring for unauthorized access attempts.
Since the vulnerability allows unauthorized API access, ensuring that the system is updated with any patches or newer versions released by NVIDIA addressing this issue is critical. Although no specific patch version is mentioned for this CVE, following NVIDIA's official guidance and updates is recommended.