CVE-2026-24215

Vulnerability

Overview

The NVIDIA Triton Inference Server contains a vulnerability in its DALI backend that leads to uncontrolled resource consumption [1]. This vulnerability allows an attacker to cause a denial of service condition by exploiting a resource management flaw in the DALI (Data Loading Library) integration [1].

Attack

Vector and Exploitation

The attack can be carried out remotely without requiring authentication, as the DALI backend processes data from client requests [1]. An attacker can send specially crafted input data to the inference server, causing it to allocate excessive resources such as memory or compute cycles [1]. This uncontrolled resource consumption degrades server performance and may eventually exhaust available resources.

Impact

A successful exploit results in denial of service, making the Triton Inference Server unavailable for legitimate users [1]. This can disrupt AI inference workflows in critical environments, including cloud-based and on-premises deployments [1].

Mitigation

NVIDIA has not released a specific patch in the description, but users should monitor NVIDIA's security advisories for updates. Applying the latest Triton Inference Server patches and restricting network access to the server are recommended mitigations.