CVE-2026-24177
Received Received - Intake
Unauthorized Access Vulnerability in NVIDIA KAI Scheduler APIs

Publication date: 2026-04-21

Last updated on: 2026-04-21

Assigner: NVIDIA Corporation

Description
NVIDIA KAI Scheduler contains a vulnerability where an attacker could access API endpoints without authorization. A successful exploit of this vulnerability might lead to information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-21
Last Modified
2026-04-21
Generated
2026-06-16
AI Q&A
2026-04-21
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24177
EUVD
EUVD-2026-24147
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nvidia kai_scheduler to 0.13.0 (exc)
nvidia kai_scheduler 0.13.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in NVIDIA KAI Scheduler allows unauthorized access to API endpoints, potentially leading to information disclosure. Such unauthorized information disclosure can impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive data and prevent unauthorized access.

However, the provided context and resources do not explicitly discuss the direct impact of this vulnerability on compliance with specific standards or regulations.

Executive Summary

CVE-2026-24177 is a vulnerability in the NVIDIA KAI Scheduler where an attacker can access API endpoints without proper authorization.

This flaw is classified as CWE-306, which means "Missing Authentication for Critical Function."

Exploiting this vulnerability can lead to information disclosure.

Impact Analysis

A successful exploit of this vulnerability allows an attacker to remotely access API endpoints without authorization.

This can result in the disclosure of sensitive or confidential information.

The vulnerability has a high severity score (CVSS 3.1 base score of 7.7) indicating a significant risk.

Detection Guidance

This vulnerability involves unauthorized access to API endpoints in the NVIDIA KAI Scheduler. Detection would involve monitoring network traffic for unauthorized API access attempts or scanning the system for exposed API endpoints that do not require proper authentication.

Specific commands are not provided in the available resources. However, general approaches might include using network monitoring tools like tcpdump or Wireshark to capture suspicious API calls, or using curl or similar HTTP clients to test access to API endpoints without authentication.

Mitigation Strategies

Immediate mitigation steps include restricting network access to the NVIDIA KAI Scheduler API endpoints to trusted users only, implementing proper authentication mechanisms if not already in place, and monitoring for unauthorized access attempts.

Since the vulnerability allows unauthorized API access, ensuring that the system is updated with any patches or newer versions released by NVIDIA addressing this issue is critical. Although no specific patch version is mentioned for this CVE, following NVIDIA's official guidance and updates is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart