NVIDIA Cumulus Linux and NVOS Command Injection Vulnerability in NVUE Interface Allowing Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in the NVUE interface of NVIDIA Cumulus Linux and NVOS products. This vulnerability allows a low-privileged user to inject commands, potentially leading to unauthorized privilege escalation. The issue affects all versions of Cumulus Linux prior to 5.14, as well as specific NVOS versions on the GB200, GB300 (1.0), and IBSwitch XDR platforms.

Impact

Exploitation of this vulnerability could result in unauthorized command execution and escalation of privileges.

Remediation

Users can upgrade to Cumulus Linux versions 5.14, 5.11.4, or 5.9.4, depending on their current version. For NVOS, users should upgrade to version 25.02.2452 on GB200, 25.02.4282 on GB300 (1.0), or 25.02.5030 on IBSwitch XDR.

Added: Feb 24, 2026, 8:37 PM
Updated: Feb 24, 2026, 10:01 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 3.0
remediation: 7.7
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.