CVE-2026-24218 - Vulnerability Details

Description

NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.

Published: 2026-05-20

Score: 8.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

NVIDIA DGX OS has a flaw in its factory provisioning process where cloning a base image copies the same SSH host keys across multiple systems. This duplication of cryptographic identifiers allows an attacker to impersonate a legitimate host or mount an attacker‑in‑‑middle attack, potentially achieving code execution, data tampering, privilege escalation, information disclosure, and denial of service. The vulnerability arises from reusing cryptographic keys, a weakness classified as CWE‑321.

Affected Systems

The affected product is NVIDIA DGX Spark. No specific version information is provided, but the issue applies to all DGX Spark systems that use the default provisioning script to clone base images.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. EPSS data is unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the provisioning process itself; an attacker who can manipulate or observe the provisioning pipeline could inject malicious data or simply benefit from the shared keys. The potential for remote code execution and privilege escalation makes this a critical threat that requires immediate remediation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NVIDIA

DGX Spark

unaffected

Version	Status	Constraints
`0`	affected	< OTA0

No data.

Vendor Product Confidence Versions

Nvidia

Dgx Spark

100%

Version	Status	Scheme	Platform
`[0,OTA0)`	affected	generic	['nvidia_dgx_os']

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the NVIDIA DGX OS patch or upgrade to a version that assigns unique SSH host keys during provisioning.
If a patch is not yet available, re‑generate unique SSH host keys on each system or modify the provisioning scripts to create fresh keys per instance.
Disable or restrict the use of pre‑installed SSH host keys until individual keys are verified, and enforce strict host key verification in client configurations.
Monitor network traffic for signs of SSH key impersonation or unexpected key changes to detect potential MITM attacks.
Consider temporarily limiting SSH access to trusted administrators and using two‑factor authentication until the key uniqueness issue is resolved.

Generated by OpenCVE AI on May 20, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00019.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2026-24218
https://nvidia.custhelp.com/app/answers/detail/a_id/5835
https://www.cve.org/CVERecord?id=CVE-2026-24218

History

Thu, 21 May 2026 05:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 20 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nvidia Nvidia dgx Spark
Vendors & Products		Nvidia Nvidia dgx Spark

Wed, 20 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Description		NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.
Weaknesses		CWE-321
References		https://nvd.nist.gov/vuln/detail/CVE-2026-24218 https://nvidia.custhelp.com/app/answers/detail/a_id/5835 https://www.cve.org/CVERecord?id=CVE-2026-24218
Metrics		cvssV3_1 `{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Nvidia Dgx Spark

MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2026-05-20T17:43:16.886Z

Updated: 2026-05-21T03:55:42.973Z

Reserved: 2026-01-21T19:09:35.635Z

Link: CVE-2026-24218

Vulnrichment

Updated: 2026-05-20T19:31:40.331Z

NVD

Status : Awaiting Analysis

Published: 2026-05-20T20:16:36.620

Modified: 2026-05-21T15:26:35.653

Link: CVE-2026-24218

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T21:30:36Z

Weaknesses

CWE-321

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object