NVIDIA Nsight Systems OS Command Injection Vulnerability in Gfx_Hotspot Recipe

Vulnerability

An OS command injection vulnerability has been identified in the gfx_hotspot recipe of NVIDIA Nsight Systems. An attacker can inject malicious strings into the process_nsys_rep_cli.py script, but only if the script is executed manually. Exploiting this vulnerability could result in unauthorized code execution, elevated privileges, data manipulation, service disruption, and unintended information exposure.

Impact

Successful exploitation could lead to arbitrary code execution, privilege escalation, unauthorized data modification, denial of service, and disclosure of sensitive information.

Remediation

Users are advised to upgrade to the latest version of the NVIDIA CUDA Toolkit, available on the CUDA Toolkit Downloads page.

Added: Jan 20, 2026, 7:20 PM
Updated: Jan 20, 2026, 7:20 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 10.0
exploitability: 3.0
remediation: 7.7
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.