NVIDIA KAI Scheduler Faces Improper Authorization Through Cross-Namespace Pod References
CVE-2026-24176

4.3MEDIUM

Key Information:

Vendor: Nvidia
Status: Kai Scheduler
Vendor: CVE Published:; 21 April 2026

What is CVE-2026-24176?

The NVIDIA KAI Scheduler has a vulnerability that could allow an attacker to exploit improper authorization mechanisms through cross-namespace pod references. This vulnerability poses a risk of data tampering if an attacker successfully executes a crafted request, potentially compromising the integrity of the affected systems. Users of affected versions are advised to apply the recommended patches to mitigate these risks.

Affected Version(s)

KAI Scheduler Linux All versions prior to 0.13.0

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24176

https://www.cve.org/CVERecord?id=CVE-2026-24176

https://nvidia.custhelp.com/app/answers/detail/a_id/5818

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 21, 2026
Vulnerability Reserved
Jan 21, 2026

CVE-2026-24176 Data

JSON

Nvidia

What is CVE-2026-24176?

Affected Version(s)

References

CVSS V3.1

Timeline