CVE-2026-24213
Analyzed Analyzed - Analysis Complete
NVIDIA Triton Inference Server Out-of-Bounds Read Vulnerability

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: NVIDIA Corporation

Description
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-09
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-08
NVD
CVE-2026-24213
EUVD
EUVD-2026-31055
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia triton_inference_server to 26.03 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the NVIDIA Triton Inference Server's DALI backend and allows an attacker to cause an out-of-bounds read.

A successful exploit of this vulnerability could lead to code execution, data tampering, denial of service, or information disclosure.

Impact Analysis

Exploiting this vulnerability could have serious impacts including unauthorized code execution, which might allow attackers to take control of the affected system.

It could also lead to data tampering, meaning that data integrity could be compromised.

Additionally, it could cause denial of service, disrupting the availability of the service.

Information disclosure is another possible impact, potentially exposing sensitive data.

Mitigation Strategies

NVIDIA has acknowledged the vulnerability in the Triton Inference Server's DALI backend. Immediate mitigation steps would typically involve applying any available patches or updates provided by NVIDIA through their support page or advisories.

Since the vulnerability allows for out-of-bounds reads that could lead to code execution, data tampering, denial of service, or information disclosure, it is critical to update the Triton Inference Server to a fixed version as soon as possible.

Compliance Impact

The vulnerability in NVIDIA Triton Inference Server's DALI backend could lead to information disclosure, data tampering, code execution, or denial of service.

Such impacts may affect compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, there is no explicit information provided about direct effects on compliance with these regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24213. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart