How is CVE-2026-24180 exploited?

Network reachability (not-required): The attacker needs an existing shell or process on the host; no network exposure is required to reach the vulnerable component. Authentication (required): Any low-privilege local account is sufficient; the attacker does not need administrative or elevated credentials. Victim interaction (required): A user on the system must perform some action (such as opening a crafted file or triggering a pipeline operation) for the overflow to be triggered. Attack complexity (info): Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

What is the impact of CVE-2026-24180?

Executes arbitrary code in the context of the process running NVIDIA DALI, giving the attacker a foothold on the host. Modifies in-memory or persisted data handled by the DALI pipeline, corrupting model inputs or training data. Crashes the DALI process, disrupting GPU-accelerated data-loading and halting dependent training or inference workloads. Reads memory contents accessible to the DALI process, which may include model weights, data batches, or credentials present in the process address space.

Back to search

HIGHCVE-2026-24180Published 2026-06-09Modified 2026-06-09CNA nvidia

CVE-2026-24180: NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure.

CVSS v3.1: 7.3
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

A heap-based buffer overflow exists in NVIDIA DALI, the GPU-accelerated data-loading library used in machine learning pipelines. The vulnerability is reachable locally and requires a low-privilege account plus a victim to perform an action, derived from the CVSS vector (AV:L/PR:L/UI:R). Successful exploitation gives an attacker full code execution on the host, the ability to tamper with data, crash the service, and read sensitive information. HarborGuard is tracking the upstream advisory and will make a patched-image rebuild available as soon as NVIDIA publishes a fix.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle NVIDIA DALI, across registries and CI/CD pipelines.

Available

Triage

HarborGuard is capable of scoring this finding at CVSS 7.3 (HIGH) and weighting it against each environment's compliance policy to route the alert to the appropriate team inbox within each customer organization.

Available

Patch

Because no fix version has been published by NVIDIA, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads automatically at that point.

Pending upstream

Exploit Conditions

Network reachabilityNot required
The attacker needs an existing shell or process on the host; no network exposure is required to reach the vulnerable component.
AuthenticationRequired
Any low-privilege local account is sufficient; the attacker does not need administrative or elevated credentials.
Victim interactionRequired
A user on the system must perform some action (such as opening a crafted file or triggering a pipeline operation) for the overflow to be triggered.
Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.

Blast Radius

Executes arbitrary code in the context of the process running NVIDIA DALI, giving the attacker a foothold on the host.
Modifies in-memory or persisted data handled by the DALI pipeline, corrupting model inputs or training data.
Crashes the DALI process, disrupting GPU-accelerated data-loading and halting dependent training or inference workloads.
Reads memory contents accessible to the DALI process, which may include model weights, data batches, or credentials present in the process address space.

How HarborGuard Handles This

Available on HarborGuard: this CVE is actively tracked against all images that include affected NVIDIA DALI versions (0.0 through 2.0). Because NVIDIA has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-evaluates the advisory on every ingest cycle and will trigger a rebuild automatically once an upstream fix is released; customers with auto-remediation enabled will receive the rebuilt image, a regression-test run, and a PR against affected workloads without manual intervention. In the interim, consider applying compensating controls: restrict execution of DALI workloads to dedicated namespaces with network-policy isolation, avoid running untrusted pipeline inputs through affected environments, and gate DALI-dependent workloads behind feature flags where feasible until a patch is available.

See how HarborGuard automates this

Affected packages

NVIDIA / DALI
0.0 - 2.0

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

Metrics

Get notified