NVIDIA DGX OS SSH Host Key Vulnerability in Factory Provisioning Process

Vulnerability

A vulnerability exists in NVIDIA DGX OS due to the cloning of base images during the factory provisioning process, which results in identical SSH host keys being deployed across multiple systems. This uniformity in cryptographic identifiers allows for host impersonation or man-in-the-middle attacks. Exploiting this vulnerability could lead to code execution, unauthorized privilege escalation, data tampering, information disclosure, and denial-of-service conditions.

Impact

Successful exploitation could result in code execution, unauthorized privilege escalation, data tampering, information disclosure, and denial-of-service conditions.

Added: May 20, 2026, 9:03 PM
Updated: May 20, 2026, 9:03 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 6.7
exploitability: 6.2
remediation: 0.0
relevance: 8.9
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.