NVIDIA CUDA-Q Vulnerability Poses DoS, Info Disclosure Risk

The National Vulnerability Database has detailed CVE-2026-24189, a high-severity vulnerability (CVSS 8.2) in NVIDIA CUDA-Q. The flaw resides in an endpoint: an unauthenticated attacker can trigger an out-of-bounds read by submitting a specially crafted request. This isn’t just a theoretical bug; it opens the door to significant operational disruption.

A successful exploit of this vulnerability could lead to denial of service, effectively crippling affected systems. Beyond availability, there’s also a risk of information disclosure, allowing attackers to potentially exfiltrate sensitive data. The ‘unauthenticated’ aspect is critical here – it means anyone can attempt to exploit this without needing prior access or credentials, significantly lowering the bar for attackers.

Defenders need to understand the attacker’s calculus: a high-impact vulnerability that requires no authentication is a prime target for opportunistic and targeted attacks alike. While specific affected products weren’t detailed by the National Vulnerability Database, any organization leveraging NVIDIA CUDA-Q should prioritize identifying its exposure and preparing for a patch, as the potential for unauthenticated DoS and info disclosure is a CISO’s nightmare.

What This Means For You

  • If your organization utilizes NVIDIA CUDA-Q, you need to immediately identify all instances where it's deployed. This unauthenticated out-of-bounds read (CWE-125) could lead to a full denial-of-service or critical information disclosure. Prepare for a patch release and ensure your incident response plans account for such high-impact, unauthenticated attack vectors.

🛡️ Detection Rules

Severity: high | ATT&CK: T1190 | Tactic: Initial Access

CVE-2026-24189 - NVIDIA CUDA-Q Unauthenticated Out-of-Bounds Read

Indicators of Compromise

ID | Type | Indicator
CVE-2026-24189 | Vulnerability | CVE-2026-24189

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 21, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
