CVE-2026-24218

Published: Mag 20, 2026 Last Modified: Mag 20, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,1
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.

321

Use of Hard-coded Cryptographic Key

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity Read Application Data
Applicable Platforms
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
https://nvd.nist.gov/vuln/detail/CVE-2026-24218
https://nvd.nist.gov/vuln/detail/CVE-2026-24218
https://nvidia.custhelp.com/app/answers/detail/a_id/5835
https://nvidia.custhelp.com/app/answers/detail/a_id/5835
https://www.cve.org/CVERecord?id=CVE-2026-24218
https://www.cve.org/CVERecord?id=CVE-2026-24218