Back to overview

CVE-2026-24260

HIGH
8.5
CVSS 3.1
Description
NVIDIA Container Toolkit for Linux contains a vulnerability where an attacker could cause a time-of-check time-of-use race condition. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, and data tampering.

Metadata

CVE ID
CVE-2026-24260
State
PUBLISHED
Assigner
nvidia
Reserved
2026-01-21 19:09 UTC
Published
2026-07-01 14:34 UTC
Last updated
2026-07-02 03:57 UTC
Primary CWE
CWE-367
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Vendor / Product
NVIDIA / Container Toolkit
Sources
cve.org  ·  NVD

Severity & Metrics

8.5 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (2)
VendorProductPlatformVersions
NVIDIA Container Toolkit Linux All versions up to and including 1.19.0
NVIDIA GPU Operator Linux All versions up to and including 26.3.1
Weakness (CWE)
CWESourceDescription
CWE-367 cna CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.5 HIGH 3.1 cna CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Back to overview