CVE-2026-24156
Deserialization Vulnerability in NVIDIA DALI Enables Code Execution
Publication date: 2026-04-07
Last updated on: 2026-04-07
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | dali | * |
| nvidia | dali | to 2.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24156 is a vulnerability in NVIDIA DALI involving the deserialization of untrusted data.
An attacker exploiting this vulnerability could cause arbitrary code execution on the affected system.
This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data) and has a high severity score of 7.3 according to CVSS v3.1.
How can this vulnerability impact me? :
A successful exploit of this vulnerability might allow an attacker to execute arbitrary code on your system.
This can lead to a high impact on confidentiality, integrity, and availability of your data and systems.
- Confidentiality: Sensitive information could be exposed.
- Integrity: Data or system integrity could be compromised.
- Availability: System availability could be disrupted.
The attack requires local access, low privileges, and user interaction, but the consequences are severe.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-24156 vulnerability in NVIDIA DALI, users should update to version 2.0 or later, as this version addresses the vulnerability.
You can update by following the official installation instructions or by cloning the NVIDIA/DALI GitHub repository to obtain the latest secure version.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in NVIDIA DALI allows an attacker to execute arbitrary code through deserialization of untrusted data, which results in high impact on confidentiality, integrity, and availability.
Such a vulnerability could potentially lead to unauthorized access or manipulation of sensitive data, which may affect compliance with standards and regulations like GDPR and HIPAA that require protection of data confidentiality and integrity.
However, no explicit information is provided in the available resources about direct impacts or guidance related to compliance with these regulations.