Cyber Resilience

CVE-2026-24148

High

Published: 31 March 2026

Published
31 March 2026
Modified
03 April 2026
KEV Added
Patch
CVSS Score v3.1 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0035 26.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-24148 is a high-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Nvidia Jetson Linux. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 26.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24148 affects NVIDIA Jetson platforms running JetPack software, specifically in the system initialization logic. The vulnerability enables an unprivileged attacker to force the initialization of a resource using an insecure default configuration. Published on 2026-03-31, it is rated with a CVSS v3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L) and is associated with CWE-1188.

An unprivileged attacker with low privileges can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Successful exploitation may result in information disclosure of encrypted data, data tampering, and partial denial of service impacting multiple devices that share the same machine ID.

Official advisories provide further details on mitigation, including patches where available. Refer to the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5797, the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-24148, and the CVE record at https://www.cve.org/CVERecord?id=CVE-2026-24148.

EU & UK References

Vulnerability details

NVIDIA Jetson for JetPack contains a vulnerability in the system initialization logic, where an unprivileged attacker could cause the initialization of a resource with an insecure default. A successful exploit of this vulnerability might lead to information disclosure of encrypted…

more

data, data tampering, and partial denial of service across devices sharing the same machine ID.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Remote network exploitation of insecure default resource initialization on Jetson platforms directly matches T1190; low-privilege attacker achieving high confidentiality/integrity impact indicates facilitation of privilege escalation via T1068.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24154Same product: Nvidia Jetson Agx Orin 32Gb
CVE-2025-33243Same vendor: Nvidia
CVE-2025-33223Same vendor: Nvidia
CVE-2025-33222Same vendor: Nvidia
CVE-2025-33179Same vendor: Nvidia
CVE-2026-24193Same vendor: Nvidia
CVE-2026-24164Same vendor: Nvidia
CVE-2026-24213Same vendor: Nvidia
CVE-2026-24194Same vendor: Nvidia
CVE-2026-24187Same vendor: Nvidia

Affected Assets

nvidia
jetson linux
≤ 35.6.4 · 36.0 — 36.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely remediation of flaws, including patches for the specific vulnerability in NVIDIA Jetson system initialization logic.

prevent

Enforces secure configuration settings to prevent initialization of resources with insecure defaults exploited by unprivileged attackers.

prevent

Limits privileges of unprivileged attackers, reducing their ability to trigger insecure resource initialization remotely.

References