Description
NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service.
Published: 2026-04-07
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Assess Impact
AI Analysis

Impact

A flaw in NVIDIA Triton Inference Server permits an attacker to upload a model configuration, thereby exposing sensitive data or causing a denial of service. The weakness is a path traversal issue that can reveal files, classified as CWE-22.

Affected Systems

The NVIDIA Triton Inference Server is the affected product; specific version details are not listed, so all deployments may be susceptible until a vendor update is issued.

Risk and Exploitability

The CVSS score of 4.8 indicates medium severity, and the EPSS score is unavailable while the vulnerability is not on the KEV list. Based on the description, the attack vector is likely remote, requiring an attacker to submit a model configuration through the server’s network interface.

Generated by OpenCVE AI on April 7, 2026 at 21:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether Triton Inference Server is in use and assess whether model configuration uploads are necessary.
  • Restrict upload access to trusted users or a limited set of IP addresses.
  • Keep abreast of NVIDIA advisories for a patch, and apply any released fix as soon as it becomes available.
  • If a patch is not yet available, consider disabling model configuration upload if it is not required for business operations.

Generated by OpenCVE AI on April 7, 2026 at 21:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Model Configuration Upload Leading to Information Disclosure in NVIDIA Triton Inference Server

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-07T19:17:39.702Z

Reserved: 2026-01-21T19:09:27.438Z

Link: CVE-2026-24147

cve-icon Vulnrichment

Updated: 2026-04-07T19:17:34.307Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T18:16:39.507

Modified: 2026-04-16T17:03:35.393

Link: CVE-2026-24147

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:47:22Z

Weaknesses