Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-04-07
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

NVIDIA Triton Inference Server processes HTTP requests and, due to an unchecked input condition, can be forced to crash by a specially crafted request header. This flaw leads to a complete disruption of the inference service for all clients that rely on the server, causing a denial of service.

Affected Systems

The vulnerability applies to NVIDIA’s Triton Inference Server. The affected versions are not enumerated in the advisory, so any deployment that has not received a corrective update from NVIDIA may be susceptible.

Risk and Exploitability

The CVE has a CVSS score of 7.5, indicating a high risk level. No EPSS data is available, and the issue is not listed in CISA’s KEV catalog. Attackers are likely to exploit the weakness by sending a malformed header over the network, a straightforward technique that requires only the ability to reach the server’s interface.

Generated by OpenCVE AI on April 7, 2026 at 22:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA Triton Inference Server patch that addresses the malformed request header issue.
  • Verify the patch installation and confirm that the service is operating normally.
  • If a patch is not yet available, restrict external traffic to the server with a firewall or network policy until a fix is released.

Generated by OpenCVE AI on April 7, 2026 at 22:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 17:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Server Crash via Malformed Request Header Leading to Denial of Service
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Tue, 07 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-248
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-04-08T18:47:48.149Z

Reserved: 2026-01-21T19:09:31.778Z

Link: CVE-2026-24175

cve-icon Vulnrichment

Updated: 2026-04-08T18:47:41.567Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-07T18:16:40.067

Modified: 2026-04-16T16:57:54.740

Link: CVE-2026-24175

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:47:19Z

Weaknesses