Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-24260

CVSS 8.5 · High EPSS 0.49% · P38

Affected Version Matrix 2

VendorProductVersion RangeStatus
NVIDIAContainer ToolkitAll versions up to and including 1.19.0affected
NVIDIAGPU OperatorAll versions up to and including 26.3.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-24260

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Source: NVD (National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
NVIDIAContainer Toolkit All versions up to and including 1.19.0 -
NVIDIAGPU Operator All versions up to and including 26.3.1 -

II. Public POCs for CVE-2026-24260

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-24260

登录查看更多情报信息。

Vendor Advisories for CVE-2026-24260 (2)

Other References for CVE-2026-24260 (1)

Same Patch Batch · NVIDIA · 2026-07-01 · 17 CVEs total

CVE-2026-242709.8 CRITICALNVIDIA AIStore 1.x认证绕过漏洞
CVE-2025-233519.0 CRITICALNVIDIA ConnectX/BlueField越界写入漏洞
CVE-2025-233509.0 CRITICALNVIDIA ConnectX/BlueField越界写入漏洞
CVE-2026-242517.8 HIGHNVIDIA Megatron Bridge Linux提权与代码执行漏洞
CVE-2026-242507.8 HIGHNVIDIA Megatron Bridge输入验证漏洞致提权
CVE-2026-242497.8 HIGHNVIDIA Megatron Bridge Linux反序列化漏洞
CVE-2026-242487.8 HIGHNVIDIA Megatron Bridge代码生成控制漏洞
CVE-2026-242477.8 HIGHNVIDIA Megatron Bridge Linux反序列化漏洞
CVE-2026-242467.8 HIGHNVIDIA Megatron Bridge Linux代码执行漏洞
CVE-2026-242457.8 HIGHNVIDIA Megatron Bridge for Linux反序列化漏洞
CVE-2026-242447.8 HIGHNVIDIA Megatron Bridge Linux反序列化漏洞
CVE-2026-242437.8 HIGHNVIDIA Megatron Bridge for Linux反序列化漏洞
CVE-2026-242427.8 HIGHNVIDIA Megatron Bridge 存在 SSRF 漏洞可导致信息泄露
CVE-2026-242407.8 HIGHNVIDIA Megatron Bridge Linux代码执行漏洞
CVE-2026-242647.5 HIGHNVIDIA Triton Inference Server Denial of Service漏洞
CVE-2026-242665.9 MEDIUMNVIDIA Triton Inference Server 拒绝服务漏洞

IV. Related Vulnerabilities

V. Comments for CVE-2026-24260

No comments yet


Leave a comment