HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-24270Published Modified CNA nvidia

CVE-2026-24270: NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication

NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.

Metrics

CVSS v3.1
9.8
Severity
CRITICAL
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An authentication bypass vulnerability exists in the NVIDIA AIStore framework, affecting all versions up to and including 4.4. The vulnerability is reachable over the network and requires no authentication or user interaction, as indicated by the CVSS vector. Successful exploitation grants an attacker full control over confidentiality, integrity, and availability of the affected system, enabling denial of service, privilege escalation, information disclosure, and data tampering. HarborGuard is tracking the advisory for patch availability and will make a patched-image rebuild available the moment NVIDIA publishes a fix.

HarborGuard Coverage

Detection

Detection of CVE-2026-24270 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including NVIDIA's CNA feed. Coverage extends to custom-built images that bundle the AIStore framework at any affected version in the 0 through 4.4 range.

Available
Triage

HarborGuard is capable of scoring this CVE at its published CVSS v3.1 rating of 9.8 (Critical) and weighting it against each customer's compliance policy to determine urgency and routing. Triage findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

Because no fix version has been published by NVIDIA, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated without manual intervention once a fix version exists.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The attacker must be able to reach the AIStore service over the network; the vulnerability is exposed on any network-accessible deployment.

  • AuthenticationNot required

    No credentials or account of any privilege level are required to exploit this vulnerability.

  • Victim interactionNot required

    The attacker does not need to trick or involve any user to complete the exploit.

  • Attack complexityDetail

    The exploit is reliable and condition-free, requiring no race conditions, special memory layout, or other environmental factors.

Blast Radius

  • A successful attacker reads stored data, credentials, and any secrets accessible to the AIStore process.
  • The attacker modifies or deletes persisted objects and metadata within the AIStore data store.
  • The attacker crashes or hangs the AIStore service, making distributed storage unavailable to dependent workloads.
  • The attacker escalates to higher privilege levels within the AIStore environment, potentially pivoting to other services or host resources.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-24270 is active across all customer environments scanning images that include the NVIDIA AIStore framework at versions 0 through 4.4, with matching occurring within minutes of advisory ingestion. Because NVIDIA has not yet published a fix version, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild automatically the moment an upstream fix is released. For customers with auto-remediation enabled, that rebuild will be paired with a regression test run and a PR opened against affected workloads, with no manual intervention required. In the interim, compensating controls worth considering include network-policy rules that restrict access to AIStore endpoints to known internal clients only, egress filtering to limit lateral movement if a breach occurs, and disabling any publicly exposed AIStore API surfaces until a patch is available.

See how HarborGuard automates this
Affected packages
  • NVIDIA / AIStore framework
    0 - 4.4
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H