{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24189", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:32.733Z", "datePublished": "2026-04-21T16:17:54.323Z", "dateUpdated": "2026-04-21T16:41:23.992Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-21T16:17:54.323Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service, information disclosure"}]}], "affected": [{"vendor": "NVIDIA", "product": "CUDA-Q", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to 0.14.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24189"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24189"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5820"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-21T16:39:51.494493Z", "id": "CVE-2026-24189", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T16:41:23.992Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24189", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-21T16:39:51.494493Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-21T16:41:20.308Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service, information disclosure"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "CUDA-Q", "versions": [{"status": "affected", "version": "All versions prior to 0.14.0"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24189"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24189"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5820"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-21T16:17:54.323Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24189", "state": "PUBLISHED", "dateUpdated": "2026-04-21T16:41:23.992Z", "dateReserved": "2026-01-21T19:09:32.733Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-04-21T16:17:54.323Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure."}], "id": "CVE-2026-24189", "lastModified": "2026-04-21T17:16:23.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-04-21T17:16:23.933", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24189"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5820"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24189"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["All"], "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.14.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "cuda-q", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-04-21T22:41:20.876367+00:00", "value": {"mitigation_remediation": ["Apply the latest NVIDIA CUDA\u2011Q patch or update to the newest release that addresses the out\u2011of\u2011bounds read issue.", "If a patch is not yet available, block or restrict unauthenticated access to the vulnerable endpoint using firewall rules or network segmentation until the fix is applied.", "Configure application or system monitoring to detect abnormal memory reads or repeated failed requests that could indicate exploitation attempts.", "Consider adding transport-layer authentication or API gateway controls to ensure only authenticated clients can reach the possibly vulnerable service.", "Maintain an updated inventory of NVIDIA CUDA\u2011Q deployments and verify that all are running the patched version."], "summary": {"action": "Patch Now", "impact": "Unauthenticated out-of-bounds read that can cause denial of service and information disclosure."}, "threat_synthesis": {"affected_systems": "The vulnerability affects NVIDIA\u2019s CUDA\u2011Q product. Specific version details are not provided in the data, so all releases of CUDA\u2011Q could be impacted. Users should verify their installed CUDA\u2011Q variants against vendor advisories and update when a fix is released.", "description_and_impact": "NVIDIA CUDA\u2011Q is vulnerable to an out\u2011of\u2011bounds read that occurs when an unauthenticated requester sends a specially crafted message to an exposed endpoint. The flaw allows the attacker to read memory locations outside the intended buffer, potentially revealing sensitive data and disrupting application stability. This weakness is classified as CWE\u2011125 and can lead to both denial of service and information disclosure.", "risk_and_exploitability": "The CVSS score of 8.2 indicates high severity, and the lack of an EPSS score means exploitation probability is unknown. The vulnerability is listed as not present in the CISA KEV catalog. Attackers would need only network access to the vulnerable endpoint; no authentication is required, making the attack vector readily exploitable if the endpoint is exposed."}}}}, "created": "2026-04-21T22:45:16.061659+00:00", "title": "Unauthenticated Out-of-Bounds Read in NVIDIA CUDA-Q Endpoint", "updated": "2026-04-22T11:46:14.221015+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$cuda-q"]}