CVE-2026-24212 - Vulnerability Details

- Sensitive Information Exfiltration in NVIDIA Isaac Launchable Leading to Possible Code Execution

Description

NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.

Published: 2026-05-26

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in NVIDIA Isaac Launchable for Linux allows sensitive information to be transmitted in clear text, enabling an attacker to potentially execute code, elevate privileges, disclose confidential data, or tamper with data. The weakness appears to involve the lack of encryption for data that should remain confidential, which could be leveraged to compromise the system. A successful exploitation could allow attackers to gain high-level control over the affected system, jeopardizing both its confidentiality and integrity.

Affected Systems

All NVIDIA Isaac Launchable for Linux installations are affected. Specific system versions or releases are not disclosed in the available information, so all deployments should be considered vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity risk. EPSS data is not available, so the probability of exploitation cannot be quantified precisely, but the lack of encryption means attackers could feasibly intercept or manipulate data. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote network traffic; an attacker can intercept or send data to the vulnerable component and then perform operations that lead to code execution or privilege escalation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

Isaac Launchable

unaffected

Version	Status	Constraints
`0`	affected	< 1.2

Configuration 1 [-]

AND

cpe:2.3:a:nvidia:isaac_launchable:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Nvidia

Isaac Launchable

100%

Version	Status	Scheme	Platform
`[0,1.2)`	affected	semver	['linux']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest NVIDIA Isaac Launchable patch once it becomes available
Audit network traffic for clear-text transmissions of sensitive data and replace with encrypted channels
If patching is not immediately possible, restrict access to the Isaac Launchable service to trusted hosts and monitor logs for anomalous activity

Generated by OpenCVE AI on May 26, 2026 at 18:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00655.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2026-24212
https://nvidia.custhelp.com/app/answers/detail/a_id/5830
https://www.cve.org/CVERecord?id=CVE-2026-24212

History

Wed, 27 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:a:nvidia:isaac_launchable:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::*
Vendors & Products		Linux Linux linux Kernel

Tue, 26 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 26 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia isaac Launchable
Vendors & Products		Nvidia Nvidia isaac Launchable

Tue, 26 May 2026 18:45:00 +0000

Type	Values Removed	Values Added
Title		Sensitive Information Exfiltration in NVIDIA Isaac Launchable Leading to Possible Code Execution

Tue, 26 May 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Weaknesses		CWE-319
References		https://nvd.nist.gov/vuln/detail/CVE-2026-24212 https://nvidia.custhelp.com/app/answers/detail/a_id/5830 https://www.cve.org/CVERecord?id=CVE-2026-24212
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Linux Linux Kernel

Nvidia Isaac Launchable

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2026-05-26T16:11:27.525Z

Updated: 2026-05-26T19:22:48.670Z

Reserved: 2026-01-21T19:09:35.634Z

Link: CVE-2026-24212

Vulnrichment

Updated: 2026-05-26T19:22:44.177Z

NVD

Status : Analyzed

Published: 2026-05-26T17:16:30.050

Modified: 2026-06-17T10:22:47.963

Link: CVE-2026-24212

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T19:00:14Z

Weaknesses

CWE-319
Cleartext Transmission of Sensitive Information

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object