CVE-2026-24270: NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication
NVIDIA AIStore framework contains a vulnerability where an attacker could bypass authentication. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering.
Metrics
- CVSS v3.1
- 9.8
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
An authentication bypass vulnerability exists in the NVIDIA AIStore framework, affecting all versions up to and including 4.4. The vulnerability is reachable over the network and requires no authentication or user interaction, as indicated by the CVSS vector. Successful exploitation grants an attacker full control over confidentiality, integrity, and availability of the affected system, enabling denial of service, privilege escalation, information disclosure, and data tampering. HarborGuard is tracking the advisory for patch availability and will make a patched-image rebuild available the moment NVIDIA publishes a fix.
HarborGuard Coverage
Detection of CVE-2026-24270 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including NVIDIA's CNA feed. Coverage extends to custom-built images that bundle the AIStore framework at any affected version in the 0 through 4.4 range.
AvailableHarborGuard is capable of scoring this CVE at its published CVSS v3.1 rating of 9.8 (Critical) and weighting it against each customer's compliance policy to determine urgency and routing. Triage findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.
AvailableBecause no fix version has been published by NVIDIA, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated without manual intervention once a fix version exists.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The attacker must be able to reach the AIStore service over the network; the vulnerability is exposed on any network-accessible deployment.
- AuthenticationNot required
No credentials or account of any privilege level are required to exploit this vulnerability.
- Victim interactionNot required
The attacker does not need to trick or involve any user to complete the exploit.
- Attack complexityDetail
The exploit is reliable and condition-free, requiring no race conditions, special memory layout, or other environmental factors.
Blast Radius
- A successful attacker reads stored data, credentials, and any secrets accessible to the AIStore process.
- The attacker modifies or deletes persisted objects and metadata within the AIStore data store.
- The attacker crashes or hangs the AIStore service, making distributed storage unavailable to dependent workloads.
- The attacker escalates to higher privilege levels within the AIStore environment, potentially pivoting to other services or host resources.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-24270 is active across all customer environments scanning images that include the NVIDIA AIStore framework at versions 0 through 4.4, with matching occurring within minutes of advisory ingestion. Because NVIDIA has not yet published a fix version, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild automatically the moment an upstream fix is released. For customers with auto-remediation enabled, that rebuild will be paired with a regression test run and a PR opened against affected workloads, with no manual intervention required. In the interim, compensating controls worth considering include network-policy rules that restrict access to AIStore endpoints to known internal clients only, egress filtering to limit lateral movement if a breach occurs, and disabling any publicly exposed AIStore API surfaces until a patch is available.
- NVIDIA / AIStore framework0 - 4.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H