CVE-2026-24213

8.0 HIGH

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read

Published: 2026-05-20 · Last updated: 2026-05-20

Severity and scoring

CVSS: 8.0 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125

Affected products

Vendor	Product
nvidia	triton_inference_server

Description

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-24213
[Other]https://nvd.nist.gov/vuln/detail/CVE-2026-24213
[Vendor advisory]https://nvidia.custhelp.com/app/answers/detail/a_id/5828
[Other]https://www.cve.org/CVERecord?id=CVE-2026-24213

Related CVEs

Same vendor

CVE-2026-24228 — NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data (7.8 HIGH)
CVE-2026-24155 — NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
CVE-2026-24237 — NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
CVE-2026-24221 — NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
CVE-2026-24199 — NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering comp... (4.7 MEDIUM)

Same CWE

CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)