Description
NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
Published: 2026-06-09
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA DALI contains a flaw in one of its components where indices are not properly validated. The vulnerability can lead to code execution, data tampering, denial of service, and information disclosure if an attacker supplies crafted input. The weakness corresponds to improper index validation, identified as CWE-129.

Affected Systems

The sole affected product is NVIDIA DALI. No specific version information is disclosed, so all installations of the library may be impacted until a patch is applied.

Risk and Exploitability

The CVSS score of 7.3 indicates this is a high severity vulnerability. EPSS information is not available and the issue is not listed in CISA KEV. The attack vector likely requires that the adversary can supply malicious input to the DALI component; this could occur locally when the library runs with elevated privileges, or remotely if external data is processed by the library. Successful exploitation can give an attacker the ability to execute arbitrary code, alter data, crash the application, or disclose sensitive information.

Generated by OpenCVE AI on June 9, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update NVIDIA DALI to the latest release that includes the fix for improper index validation.
  • If an immediate update is not possible, add application‑level checks to validate all indices before passing data to DALI, ensuring they fall within expected bounds.
  • Run the process that utilizes DALI with the least privilege necessary and consider containerizing the service to contain any potential impact.
  • Monitor system logs for abnormal activity related to DALI usage and apply future patches promptly.

Generated by OpenCVE AI on June 9, 2026 at 17:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Title Improper Index Validation in NVIDIA DALI Allowing Code Execution
First Time appeared Nvidia
Nvidia dali
Vendors & Products Nvidia
Nvidia dali

Tue, 09 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Description NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.
Weaknesses CWE-129
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Dali
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-06-09T23:45:57.096Z

Reserved: 2026-01-21T19:09:32.731Z

Link: CVE-2026-24181

cve-icon Vulnrichment

Updated: 2026-06-09T18:26:15.768Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T17:17:02.807

Modified: 2026-06-09T19:38:32.463

Link: CVE-2026-24181

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T17:30:10Z

Weaknesses