{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24241", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:47.374Z", "datePublished": "2026-02-24T18:42:56.703Z", "dateUpdated": "2026-02-24T21:26:40.416Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["All(3.6)"], "product": "DLS component of NVIDIA License System", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to v3.6"}]}, {"defaultStatus": "unaffected", "platforms": ["All(3.1)"], "product": "DLS component of NVIDIA License System", "vendor": "NVIDIA", "versions": [{"status": "affected", "version": "All versions prior to v3.1.8"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": true, "type": "text/html", "value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."}], "value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Information disclosure"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-02-24T18:42:56.703Z"}, "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24241"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24241"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5789"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T21:26:29.531581Z", "id": "CVE-2026-24241", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:26:40.416Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24241", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T21:26:29.531581Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T21:26:36.248Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Information disclosure"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "DLS component of NVIDIA License System", "versions": [{"status": "affected", "version": "All versions prior to v3.6"}], "platforms": ["All(3.6)"], "defaultStatus": "unaffected"}, {"vendor": "NVIDIA", "product": "DLS component of NVIDIA License System", "versions": [{"status": "affected", "version": "All versions prior to v3.1.8"}], "platforms": ["All(3.1)"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24241"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24241"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5789"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-02-24T18:42:56.703Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24241", "state": "PUBLISHED", "dateUpdated": "2026-02-24T21:26:40.416Z", "dateReserved": "2026-01-21T19:09:47.374Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-02-24T18:42:56.703Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:delegated_license_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "E71A2F87-5ED1-46C6-9984-439F7D48BACB", "versionEndExcluding": "3.1.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:nvidia:delegated_license_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "A14A3C30-1897-45C8-9FE1-763AEFD0B15E", "versionEndExcluding": "3.6.0", "versionStartIncluding": "3.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure."}], "id": "CVE-2026-24241", "lastModified": "2026-02-27T20:01:49.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@nvidia.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-24T20:27:47.620", "references": [{"source": "psirt@nvidia.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24241"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5789"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-24241"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@nvidia.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all(3.6)"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,v3.6)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DLS component of NVIDIA License System", "source": "cna", "vendor": "NVIDIA"}, "product": "dls_component_of_nvidia_license_system", "vendor": "nvidia"}, {"configurations": [{"platform": ["all(3.1)"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,v3.1.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "DLS component of NVIDIA License System", "source": "cna", "vendor": "NVIDIA"}, "product": "dls_component_of_nvidia_license_system", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-04-18T10:53:00.651354+00:00", "value": {"mitigation_remediation": ["Check NVIDIA\u2019s website or support portal for a patch or update addressing the Delegated Licensing Service vulnerability and apply it as soon as it becomes available.", "Configure network controls so that only trusted hosts or subnets can reach the DLS endpoints, for example by using firewall rules or VLAN segmentation to limit exposure of the licensing service to authorized systems.", "Enable logging and monitor authentication attempts for the DLS, and alert on repeated failures or unusual access patterns, to detect and respond to potential exploitation attempts."], "summary": {"action": "Monitor", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected component is the NVIDIA Delegated Licensing Service running on NVIDIA appliance platforms. Specific product versions are not provided in the CNA data, so all installations of this service on supported appliance platforms are potentially impacted.", "description_and_impact": "This vulnerability is an improper authentication flaw in the NVIDIA Delegated Licensing Service, which is part of NVIDIA's License System for all appliance platforms. The flaw enables an attacker to bypass normal authentication controls and potentially access sensitive data that is protected by the licensing service. The exposed information could include proprietary licensing information or other confidential data stored on the service, leading to confidentiality compromise.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity. The EPSS score is reported as less than 1%, showing a very low but non-zero probability of exploitation at the time of analysis, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote; an attacker could exploit the authentication weakness by interacting with the service over the network, possibly via exposed APIs or management interfaces. No additional exploitation conditions are described, and the impact is limited to information disclosure rather than full system compromise."}}}}, "created": "2026-02-25T11:35:43.212541+00:00", "title": "Improper Authentication in NVIDIA Delegated Licensing Service Leads to Information Disclosure", "updated": "2026-04-18T11:00:05.740935+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$dls_component_of_nvidia_license_system"]}