Plataforma
nvidia
Componente
nvidia-delegated-licensing-service
Corrigido em
3.6.1
3.1.9
CVE-2026-24241 describes an improper authentication vulnerability within the NVIDIA Delegated Licensing Service. Successful exploitation could lead to information disclosure, potentially exposing sensitive data. This vulnerability affects all versions of the service prior to version 3.6. A patch has been released by NVIDIA, resolving the issue.
The primary impact of CVE-2026-24241 is the potential for information disclosure. An attacker who successfully exploits this vulnerability could gain access to confidential data managed by the NVIDIA Delegated Licensing Service. The specific data exposed would depend on the service's configuration and the attacker's privileges. While the description doesn't specify the exact data at risk, it could include licensing keys, user credentials, or other sensitive information. The blast radius is limited to systems running the vulnerable NVIDIA Delegated Licensing Service, but the consequences of data exposure could be significant, particularly if the exposed data is used to compromise other systems or services.
CVE-2026-24241 was publicly disclosed on February 24, 2026. As of this date, there are no publicly available proof-of-concept exploits. The EPSS score is pending evaluation. It is not currently listed on the CISA KEV catalog. Given the nature of the vulnerability (improper authentication) and the potential for information disclosure, it's prudent to monitor for potential exploitation attempts.
Organizations utilizing NVIDIA appliance platforms that rely on the Delegated Licensing Service are at risk. This includes environments with legacy configurations or those that haven't implemented robust access controls around the licensing service. Shared hosting environments where multiple users share the same appliance could also be particularly vulnerable.
• nvidia / appliance:
Get-Service -Name "NVIDIA Delegated Licensing Service" | Select-Object Status, StartType• nvidia / appliance: Check registry for unusual entries related to authentication or licensing. reg query HKLM\SOFTWARE\NVIDIA\DelegatedLicensingService
• generic web: Monitor access logs for unusual requests targeting the licensing service endpoints. Look for failed authentication attempts or requests for sensitive data.
• generic web: Check response headers for unexpected information or error messages that might indicate an exploitation attempt.
disclosure
Status do Exploit
EPSS
0.07% (percentil 22%)
CISA SSVC
Vetor CVSS
The primary mitigation for CVE-2026-24241 is to upgrade the NVIDIA Delegated Licensing Service to version 3.6 or later. This version includes a fix for the improper authentication issue. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing stricter access controls and monitoring for suspicious activity related to the licensing service. While a direct workaround isn't specified, reviewing and hardening the service's configuration to minimize the potential impact of a successful exploit is recommended. After upgrading, confirm the fix by verifying that authentication checks are functioning correctly and that no unauthorized access attempts are logged.
Atualize o componente DLS do NVIDIA License System para a versão 3.6 ou posterior. Isso corrigirá a vulnerabilidade de autenticação inadequada e evitará a possível divulgação de informações.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2026-24241 is a vulnerability in NVIDIA Delegated Licensing Service where an improper authentication issue could lead to information disclosure. It has a MEDIUM severity rating (CVSS 4.3) and affects versions prior to 3.6.
If you are using NVIDIA Delegated Licensing Service on an appliance platform and are running a version prior to 3.6, you are potentially affected by this vulnerability. Check your version and upgrade accordingly.
The recommended fix is to upgrade the NVIDIA Delegated Licensing Service to version 3.6 or later. This resolves the improper authentication issue.
As of February 24, 2026, there are no publicly known active exploitation campaigns or proof-of-concept exploits for CVE-2026-24241.
Refer to the official NVIDIA security advisory for CVE-2026-24241. The specific link will be available on the NVIDIA security website once published.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.