Description
NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
Published: 2026-04-21
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthenticated out-of-bounds read that can cause denial of service and information disclosure.
Action: Patch Now
AI Analysis

Impact

NVIDIA CUDA‑Q is vulnerable to an out‑of‑bounds read that occurs when an unauthenticated requester sends a specially crafted message to an exposed endpoint. The flaw allows the attacker to read memory locations outside the intended buffer, potentially revealing sensitive data and disrupting application stability. This weakness is classified as CWE‑125 and can lead to both denial of service and information disclosure.

Affected Systems

The vulnerability affects NVIDIA’s CUDA‑Q product. Specific version details are not provided in the data, so all releases of CUDA‑Q could be impacted. Users should verify their installed CUDA‑Q variants against vendor advisories and update when a fix is released.

Risk and Exploitability

The CVSS score of 8.2 indicates high severity, and the lack of an EPSS score means exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog. An attacker needs only network access to the vulnerable endpoint; no authentication is required, so the flaw is readily exploitable wherever the endpoint is exposed.

Generated by OpenCVE AI on April 21, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA CUDA‑Q patch or update to the newest release that addresses the out‑of‑bounds read issue.
  • If a patch is not yet available, block or restrict unauthenticated access to the vulnerable endpoint using firewall rules or network segmentation until the fix is applied.
  • Configure application or system monitoring to detect abnormal memory reads or repeated failed requests that could indicate exploitation attempts.
  • Consider adding transport-layer authentication or API gateway controls to ensure only authenticated clients can reach the possibly vulnerable service.
  • Maintain an updated inventory of NVIDIA CUDA‑Q deployments and verify that all are running the patched version.

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Nvidia; Nvidia cuda-q |
| Vendors & Products | | Nvidia; Nvidia cuda-q |

Wed, 22 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | Unauthenticated Out-of-Bounds Read in NVIDIA CUDA-Q Endpoint |

Tue, 21 Apr 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 21 Apr 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure. |
| Weaknesses | | CWE-125 |
| References | | |
| Metrics | | cvssV3_1: {'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-21T16:41:23.992Z

Reserved: 2026-01-21T19:09:32.733Z

Link: CVE-2026-24189

Vulnrichment

Updated: 2026-04-21T16:41:20.308Z

NVD

Status: Awaiting Analysis

Published: 2026-04-21T17:16:23.933

Modified: 2026-04-22T21:24:26.997

Link: CVE-2026-24189

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T11:46:14Z
