CVE-2026-24218
Description
NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple systems. The sharing of cryptographic identifiers across all similarly provisioned systems enables host impersonation or attacker-in-the-middle attacks. A successful exploit of this vulnerability might lead to code execution, data tampering, escalation of privileges, information disclosure, and denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
NVIDIA DGX OS factory cloning deploys identical SSH host keys across systems, enabling impersonation and MITM attacks.
Vulnerability
NVIDIA DGX OS contains a vulnerability in the factory provisioning process where cloning a base image results in identical SSH host keys being deployed across multiple systems [1]. This issue affects systems provisioned from the same base image, causing all such systems to share the same cryptographic identity [1].
Exploitation
An attacker with network access to a system provisioned from the cloned image can exploit the shared host keys to perform host impersonation or attacker-in-the-middle attacks [1]. No authentication is required to leverage the shared cryptographic identifiers, as the attack targets the SSH trust model itself [1].
Impact
Successful exploitation enables the attacker to impersonate a legitimate host or intercept SSH connections, potentially leading to code execution, data tampering, escalation of privileges, information disclosure, and denial of service [1]. The impact is broad due to the shared trust across multiple systems.
Mitigation
As of the publication date (2026-05-20), NVIDIA has not yet disclosed a fix or workaround in the available references [1]. Organizations should monitor NVIDIA's security advisories for a patched version of DGX OS and consider regenerating unique SSH host keys on each system as an interim measure.
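Before regenerating keys, it helps to know which systems actually share one. The following is an added example, not code from NVIDIA or from this CVE's references: it groups `ssh-keyscan`-format lines by host key fingerprint and reports every key presented by more than one host. The host names and key blobs in the sample are constructed placeholders.

```python
import base64
import binascii
import hashlib
from collections import defaultdict


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(scan_text):
    """Return {(keytype, fingerprint): [hosts]} for keys presented by 2+ hosts."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip ssh-keyscan banner comments
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        # Keep the name field whole: "host,ip" aliases describe one system.
        name, keytype, blob = parts[0], parts[1], parts[2]
        try:
            hosts_by_key[(keytype, fingerprint(blob))].add(name)
        except (binascii.Error, ValueError):  # truncated or corrupted key field
            continue
    return {k: sorted(v) for k, v in hosts_by_key.items() if len(v) > 1}


def _blob(label):
    # Constructed placeholder blob, not a real public key.
    return base64.b64encode(label.encode()).decode()


# Constructed sample: three hosts cloned from one image, one with its own key.
SAMPLE_SCAN = "\n".join([
    "# dgx-a:22 SSH-2.0-OpenSSH_placeholder",
    f"dgx-a ssh-ed25519 {_blob('cloned-image-ed25519')}",
    f"dgx-b ssh-ed25519 {_blob('cloned-image-ed25519')}",
    f"dgx-c ssh-ed25519 {_blob('cloned-image-ed25519')}",
    f"dgx-d ssh-ed25519 {_blob('unique-ed25519-for-d')}",
    "dgx-e ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    for (keytype, fp), hosts in find_shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} shared by: {', '.join(hosts)}")
```

Run it over the collected `ssh-keyscan` output for the fleet; each group it returns lists hosts that still present the same key and need their host keys regenerated.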
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.