Description
NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution.
Published: 2026-04-07
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

NVIDIA DALI contains a flaw that allows the deserialization of untrusted data. This weakness can let an attacker execute arbitrary code within the DALI process, potentially compromising confidentiality, integrity, and availability of systems that rely on it.

Affected Systems

The vulnerability is present in NVIDIA DALI. No specific version information is supplied in the CVE record, so all releases of DALI should be considered potentially affected until further clarification is provided.

Risk and Exploitability

The flaw has a CVSS score of 7.3, indicating high severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, but the potential for arbitrary code execution makes it a significant risk. Based on the description, the likely attack vector is the delivery of malicious data to the DALI component—such as through API calls, embedded data streams, or input files—though the exact conditions are not detailed. An attacker who can supply such data could potentially take control of the affected system.

Generated by OpenCVE AI on April 7, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check NVIDIA’s website or support portal for an available patch or an official update to DALI.
  • If a patch is released, apply the update immediately and verify that the vulnerable functionality is removed.
  • In the absence of a patch, restrict access to the DALI interface so that only trusted applications or users can provide input data.
  • Where feasible, add input validation or deserialization guard logic to reject data that does not meet expected formats.
  • Monitor system logs for unexpected deserialization activity and investigate any anomalies promptly.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Nvidia, Nvidia dali |
| Vendors & Products | | Nvidia, Nvidia dali |

Wed, 08 Apr 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Untrusted Data Deserialization in NVIDIA DALI Allows Arbitrary Code Execution |

Tue, 07 Apr 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 07 Apr 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary code execution. |
| Weaknesses | | CWE-502 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-07T19:22:32.597Z

Reserved: 2026-01-21T19:09:29.851Z

Link: CVE-2026-24156

Vulnrichment

Updated: 2026-04-07T19:18:26.978Z

NVD

Status: Awaiting Analysis

Published: 2026-04-07T18:16:39.647

Modified: 2026-04-08T21:27:00.663

Link: CVE-2026-24156

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:24:02Z

Weaknesses