Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-04-07
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A malformed request sent to NVIDIA Triton Inference Server can cause the service to crash, resulting in a denial of service. This issue corresponds to CWE‑681, indicating a misuse of arithmetic operations that leads to uncontrolled behavior. The impact is a loss of availability of the inference server for all clients using that instance.

Affected Systems

The vulnerability affects NVIDIA Triton Inference Server. No specific version information is provided in the advisory, so all currently released versions may be impacted until a vendor fix is issued.

Risk and Exploitability

The CVSS score of 7.5 indicates moderate to high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation to date. The likely attack vector is remote, through a malformed request that an attacker could send over the network. This can be performed without special privileges on an exposed server, making the vulnerability reasonably easy to exploit in accessible environments.

Generated by OpenCVE AI on April 7, 2026 at 22:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check NVIDIA’s support portal or website for an official patch or update for Triton Inference Server.
  • Apply the released patch or upgrade to the latest supported version as soon as it becomes available.
  • If no patch is yet available, isolate the inference server behind a firewall or access control solution and restrict inbound connections to trusted hosts.
  • Consider implementing input validation or rate limiting on the service to mitigate the impact of malformed requests while a fix is pending.
  • Restart the Triton Inference Server after any crash to restore service availability temporarily.

Generated by OpenCVE AI on April 7, 2026 at 22:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Denial of Service via Malformed Request to NVIDIA Triton Inference Server
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-681
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-08T18:48:16.855Z

Reserved: 2026-01-21T19:09:31.777Z

Link: CVE-2026-24174

cve-icon Vulnrichment

Updated: 2026-04-08T18:48:10.979Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T18:16:39.923

Modified: 2026-04-16T16:59:40.033

Link: CVE-2026-24174

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:47:20Z

Weaknesses