Description
NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.
Published: 2026-03-24
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A flaw in NVIDIA Triton Inference Server’s SageMaker HTTP server allows an attacker to trigger an exception, which can cause the server to become unresponsive and ultimately deny service to legitimate users. The weakness is classified as CWE‑362, a race‑condition condition that leads to a state inconsistency. The resulting impact is a loss of availability for any workloads relying on the affected endpoint.

Affected Systems

The vulnerability affects NVIDIA’s Triton Inference Server, specifically the SageMaker HTTP server component. No specific version information is provided in the public record, so all releases of the product that include this component should be considered potentially affected.

Risk and Exploitability

The CVSS score of 7.5 denotes a high severity level. The EPSS score is reported as less than 1%, indicating a low probability of exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, as the error can be triggered by external HTTP requests to the SageMaker endpoint. Successful exploitation would disrupt service but is unlikely to provide an attacker with other privileges or data access.

Generated by OpenCVE AI on March 31, 2026 at 05:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA Triton Inference Server patch or upgrade when it becomes available.
  • If a patch is not yet released, restrict or disable the SageMaker HTTP endpoint and monitor network traffic for repeated malformed requests that could trigger the exception.
  • Implement firewall or rate‑limiting rules to block suspicious traffic patterns that may exploit the vulnerability.

Generated by OpenCVE AI on March 31, 2026 at 05:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Exception Trigger in NVIDIA Triton Inference Server SageMaker HTTP Server

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Denial of Service via Exception Trigger in NVIDIA Triton Inference Server SageMaker HTTP Server

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Tue, 24 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server Sagemaker HTTP server contains a vulnerability where an attacker may cause an exception. A successful exploit of this vulnerability may lead to denial of service.
Weaknesses CWE-362
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-03-25T14:27:27.955Z

Reserved: 2025-04-15T18:51:08.191Z

Link: CVE-2025-33238

cve-icon Vulnrichment

Updated: 2026-03-25T14:21:33.999Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-24T21:16:24.083

Modified: 2026-03-31T01:31:44.740

Link: CVE-2025-33238

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:09:22Z

Weaknesses