Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-05-20
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Triton Inference Server has a path traversal flaw that allows an attacker to craft requests that resolve to arbitrary file paths, potentially disrupting server operation by causing a denial of service. The flaw is identified as a directory traversal issue (CWE‑22). Successful exploitation results in loss of service availability for the affected server instance, though it does not directly expose sensitive data or result in code execution.

Affected Systems

The vulnerability affects NVIDIA Triton Inference Server. No specific versions are listed, so all installations of the product are potentially impacted until a fix is applied.

Risk and Exploitability

This issue carries a CVSS score of 5.3, indicating moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no publicly known exploits at the time of reporting. The likely attack vector is inferred to be remote, leveraging the inference API or other exposed request handling mechanisms, though explicit details are not provided in the description.

Generated by OpenCVE AI on May 20, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA Triton Inference Server patch that resolves the path traversal issue; if a patch is not yet available, upgrade to an unpatched release that includes the fix once released.
  • Restrict network access to the Triton Inference Server by limiting exposure to trusted IP addresses or via a VPN, reducing the likelihood that an attacker can reach the vulnerable endpoint.
  • Implement or enforce input validation for any user‑supplied paths or parameters to ensure they cannot reference absolute or relative file system locations outside the intended directories.
  • Monitor the inference server logs for abnormal file access attempts and alert on repeated traversal‐related requests.

Generated by OpenCVE AI on May 20, 2026 at 04:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Vulnerability in NVIDIA Triton Inference Server May Lead to Denial of Service
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Linux Linux Kernel
Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T12:22:52.580Z

Reserved: 2026-01-21T19:09:34.871Z

Link: CVE-2026-24208

cve-icon Vulnrichment

Updated: 2026-05-20T12:22:47.922Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T04:16:46.177

Modified: 2026-05-20T17:29:44.640

Link: CVE-2026-24208

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T04:30:16Z

Weaknesses