Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-05-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability permits an attacker to perform a path traversal by manipulating input sent to NVIDIA Triton Inference Server, allowing the attacker to request files outside intended directories. Successful exploitation can result in denial of service, as the server may crash or become unavailable. This weakness is an instance of CWE‑22, which indicates insufficient validation of path strings.

Affected Systems

Any deployment of NVIDIA Triton Inference Server that has not applied the latest vendor update is susceptible. The CVE record does not list specific version numbers, so all pre‑patch releases are considered affected until verified otherwise.

Risk and Exploitability

The CVSS score of 7.5 categorizes this as high severity. No EPSS data are publicly available, so the likelihood of exploitation remains uncertain. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector involves an adversary sending a crafted HTTP or gRPC request over the network to trigger the path traversal and cause the service to terminate, leading to downtime.

Generated by OpenCVE AI on May 20, 2026 at 04:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA patch for Triton Inference Server once released.
  • Restrict network access to the Triton service to trusted hosts or supervisors, limiting exposure to malicious inputs.
  • Implement file system access controls to prevent the service from accessing sensitive directories, and monitor for anomalous file requests or service crashes.

Generated by OpenCVE AI on May 20, 2026 at 04:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Path Traversal Leading to Denial of Service in NVIDIA Triton Inference Server
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Linux Linux Kernel
Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T12:22:27.828Z

Reserved: 2026-01-21T19:09:34.871Z

Link: CVE-2026-24209

cve-icon Vulnrichment

Updated: 2026-05-20T12:22:22.985Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T04:16:46.463

Modified: 2026-05-20T17:22:25.470

Link: CVE-2026-24209

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T04:30:16Z

Weaknesses