EXECUTIVE SUMMARY:
NVIDIA has released updates for its AI stack, specifically addressing vulnerabilities in NVIDIA DALI and Triton Inference Server used for machine learning data pipelines and inference deployments. The most affects NVIDIA DALI and involves unsafe deserialization of untrusted data that may allow an attacker to execute arbitrary code if exploited successfully. Additionally, several flaws in Triton were patched mainly denial‑of‑service (DoS) bugs and an information disclosure issue highlighting the importance of updating to DALI and Triton to secure AI environments against crashes, service disruption, or unauthorized information access.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
NVIDIA has released updates for its AI stack, specifically addressing vulnerabilities in NVIDIA DALI and Triton Inference Server used for machine learning data pipelines and inference deployments. The most affects NVIDIA DALI and involves unsafe deserialization of untrusted data that may allow an attacker to execute arbitrary code if exploited successfully. Additionally, several flaws in Triton were patched mainly denial‑of‑service (DoS) bugs and an information disclosure issue highlighting the importance of updating to DALI and Triton to secure AI environments against crashes, service disruption, or unauthorized information access.[emaillocker id="1283"]
CVE-2026-24156– It is an vulnerability in NVIDIA DALI contains a flaw where an attacker could cause a deserialization of untrusted data, potentially leading to arbitrary code execution. The attacker capability is high, as a successful exploit of this vulnerability might lead to arbitrary code execution. The prerequisites include a vulnerable NVIDIA DALI installation and an attacker with the ability to manipulate serialized data. The vulnerability has a CVSS score of 7.3.
CVE-2026-24173 – It is an vulnerability in NVIDIA Triton Inference Server allows an attacker to cause a server crash by sending a malformed request to the server, directly leading to a denial of service. The attacker capability is high, as an attacker can exploit this flaw with minimal privileges. The prerequisites include a vulnerable NVIDIA Triton Inference Server installation and an attacker with the ability to send malicious requests. The vulnerability has a CVSS score of 7.8.
CVE‑2026‑24174 – It is an vulnerabiltiy in NVIDIA Triton caused by certain malformed requests, also leading to server crashes with no privileges needed. The vulnerability has a CVSS score of 7.5.
CVE-2026-24146– It is an vulnerability in NVIDIA Triton Inference Server involves insufficient input validation and a large number of outputs, which can cause a server crash. The attacker capability is high, as an attacker can exploit this flaw with minimal privileges. The prerequisites include a vulnerable NVIDIA Triton Inference Server installation and an attacker with the ability to manipulate inputs and outputs.The vulnerability has a CVSS score of 7.8.
CVE‑2026‑24147 – It is an vulnerability Triton Inference Server where uploading a crafted model configuration may lead to information disclosure or, in some cases, limited denial of service. The vulnerability has a CVSS score of 4.8.
RECOMMENDATION:
We recommend you to update NVIDIA DALI and Triton Inference Server to version 2.0.0, r26.02 or later.
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/nvidia-dali-triton-security-update-cve-2026-24156/