CVE-2026-24213

NVIDIA · Triton Inference Server

NVIDIA Triton Inference Server contains an out-of-bounds read vulnerability in the DALI backend that could be leveraged by an attacker.

Executive summary

An out-of-bounds read vulnerability in the NVIDIA Triton Inference Server DALI backend could allow unauthorized memory access or service instability.

Vulnerability

The vulnerability resides in the DALI backend, where an out-of-bounds read can occur during data processing. This type of flaw typically occurs when the software fails to properly validate input sizes, potentially allowing attackers to read sensitive memory contents or crash the service.

Business impact

With a CVSS score of 8.0, this High-severity vulnerability poses a threat to data confidentiality and service availability. Exploitation could lead to the exposure of sensitive inference data residing in memory or cause persistent service degradation, impacting the reliability of AI-driven production systems.

Remediation

Immediate Action: Review the NVIDIA security advisory to determine affected versions and apply the recommended software updates or patches immediately.

Proactive Monitoring: Review system and application logs for signs of segmentation faults or abnormal read operations occurring within the Triton Inference environment.

Compensating Controls: Utilize container security tools to monitor for unusual behavior and restrict the service's access to host memory and sensitive system resources.
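One way to triage the segmentation-fault signal named under Proactive Monitoring, as an added example that is not from the NVIDIA advisory or the Triton project: it parses Linux x86-64 kernel segfault lines and keeps only data-read faults raised by the server. The process name `tritonserver`, the module name `libtriton_dali.so` and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed names (not from the advisory): server process and DALI backend library.
SERVER_COMM = "tritonserver"
DALI_MODULE = "libtriton_dali.so"

# Linux x86-64 kernel segfault line, as seen in dmesg or journalctl -k.
SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip [0-9a-f]+ sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<module>[^\[\s]+)\[)?"
)

def classify(line):
    """Parse one kernel log line; return None if it is not a segfault record."""
    m = SEGFAULT_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)  # the page-fault error code is printed in hex
    module = m["module"] or ""
    return {
        "pid": int(m["pid"]),
        "comm": m["comm"],
        "module": module,
        "fault_addr": m["addr"],
        # bit 1 set = write, bit 4 set = instruction fetch; neither = data read
        "is_read": not (err & 0x2) and not (err & 0x10),
        "dali": module == DALI_MODULE,
    }

def triton_read_faults(lines):
    """Return read-fault segfaults from the server process or a libtriton module."""
    hits = []
    for line in lines:
        ev = classify(line)
        if ev and ev["is_read"] and (
            ev["comm"] == SERVER_COMM or ev["module"].startswith("libtriton")
        ):
            hits.append(ev)
    return hits

# Constructed sample lines, not taken from a real incident.
SAMPLE = [
    "[1201.44] tritonserver[4312]: segfault at 7f3a1c0ff000 ip 00007f3a2b41d9c2 sp 00007f39f7ffd8a0 error 4 in libtriton_dali.so[7f3a2b3f0000+9a000]",
    "[1310.02] tritonserver[4490]: segfault at 0 ip 00007f8e11a03b10 sp 00007f8dd1ffc6f0 error 6 in libc.so.6[7f8e11980000+195000]",
    "[1422.87] nginx[880]: segfault at 10 ip 000055d0c2a1f3aa sp 00007ffd2f1b3c40 error 4 in nginx[55d0c29f0000+11c000]",
    "[1588.31] tritonserver[4731]: segfault at 7f10a4000008 ip 00007f10b8c2217e sp 00007f1079ffa310 error 5 in libtritonserver.so[7f10b8a00000+4d1000]",
]
```

An out-of-bounds read that stays inside mapped memory raises no fault, so an empty result is not evidence that the flaw was never triggered.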

Exploitation status

Public Exploit Available: false

Analyst recommendation

The potential for unauthorized memory access necessitates prompt attention from security and IT operations teams. Organizations should verify their current deployment versions and apply the appropriate security updates provided by NVIDIA to mitigate the risk of exploitation.