Description
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service.
Published: 2026-05-20
Score: 8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an integer overflow in the DALI backend of NVIDIA Triton Inference Server. According to the CVE description, exploitation could lead to code execution, data tampering, or denial of service. The flaw is identified as CWE‑190.

Affected Systems

The issue affects NVIDIA Triton Inference Server. No specific affected releases are mentioned in the notification, so any deployment that uses the DALI backend should be regarded as potentially vulnerable unless it has been updated to a version that includes the fix.

Risk and Exploitability

With a CVSS score of 8 the risk is considered high. The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog. The integer overflow is triggered by malformed input that the DALI backend processes, so the likely attack vector is remote via crafted inference requests transmitted to a Triton server over the network. An attacker would need to supply input that causes the overflow, potentially enabling arbitrary code execution or service disruption. The inference about the attack vector is based on the nature of the affected component and the description of the vulnerability.

Generated by OpenCVE AI on May 20, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA Triton Inference Server release that contains the DALI backend patch.
  • Implement strict input validation to reject oversized or malformed data before it reaches the DALI backend.
  • Configure monitoring and alerting for unexpected crashes or abnormal resource usage in the Triton deployment.

Generated by OpenCVE AI on May 20, 2026 at 04:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

Wed, 20 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 05:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in NVIDIA Triton Inference Server DALI Backend
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T12:23:14.103Z

Reserved: 2026-01-21T19:09:35.634Z

Link: CVE-2026-24214

cve-icon Vulnrichment

Updated: 2026-05-20T12:23:11.060Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T04:16:47.173

Modified: 2026-05-20T17:13:59.930

Link: CVE-2026-24214

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T05:00:17Z

Weaknesses