NVIDIA has released two significant security updates addressing high-severity vulnerabilities across its DALI and Triton Inference Server software. The patches fix flaws that could lead to arbitrary code execution and widespread denial of service (DoS) in machine learning environments.
The most pressing issue involves NVIDIA DALI, a library designed to accelerate deep learning data pipelines. Tracked as CVE-2026-24156, the vulnerability carries a high CVSS score of 7.3.
According to the advisory, DALI “contains a vulnerability where an attacker could cause a deserialization of untrusted data”. This flaw is particularly dangerous because a “successful exploit of this vulnerability might lead to arbitrary code execution”. This type of attack (CWE-502) typically occurs when a program processes malicious serialized data without proper validation, potentially giving an attacker the same privileges as the user running the software.
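The general CWE-502 mitigation, shown as an added example that is not taken from NVIDIA's advisory or from DALI's code. It assumes Python's pickle as the serialization format (the advisory does not say which format DALI is affected through); `ALLOWED_GLOBALS`, the helper names and the sample blobs are constructed for illustration.

```python
import io
import pickle
import pickletools
from collections import OrderedDict
from fractions import Fraction

# Opcodes that make a pickle stream import or call objects while loading.
RISKY_OPCODES = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "REDUCE", "NEWOBJ", "NEWOBJ_EX"}
# Assumption: the only non-primitive type this application expects to receive.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

# Constructed sample inputs (harmless; they differ only in the types they reference).
BENIGN = pickle.dumps({"batch_size": 32, "device": "gpu"})
EXPECTED = pickle.dumps(OrderedDict(a=1))
UNEXPECTED = pickle.dumps(Fraction(1, 3))  # references fractions.Fraction


def risky_opcodes(blob):
    """List import/call opcodes by parsing the stream, without executing it."""
    return {op.name for op, _arg, _pos in pickletools.genops(blob)} & RISKY_OPCODES


class AllowListUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals; everything else aborts the load."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(blob):
    """Deserialize a blob through the allow-list unpickler."""
    return AllowListUnpickler(io.BytesIO(blob)).load()


def is_blocked(blob):
    """Return True when the allow-list refuses to load the blob."""
    try:
        safe_loads(blob)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("expected", EXPECTED), ("unexpected", UNEXPECTED)]:
        print(label, sorted(risky_opcodes(blob)), "blocked" if is_blocked(blob) else "loaded")
```

The opcode scan is useful for logging and triage of stored artifacts; the allow-list in `find_class` is the control that actually prevents an unexpected type from being instantiated.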
NVIDIA also patched six vulnerabilities in its Triton Inference Server, a tool used to deploy and scale AI models in production. Five of these flaws are rated as High severity, primarily targeting the system’s availability.
Key vulnerabilities include:
- CVE-2026-24173 & CVE-2026-24174: These flaws allow an attacker to “cause a server crash by sending a malformed request to the server,” directly leading to a denial of service.
- CVE-2026-24146: A vulnerability where “insufficient input validation and a large number of outputs could cause a server crash”.
- CVE-2026-24147: This lower-severity issue involves an “information disclosure in Triton Server where an attacker may cause an information disclosure by uploading a model configuration”.
Organizations utilizing NVIDIA’s AI stack should immediately check their software versions.