Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-05-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Triton Inference Server is vulnerable to an integer overflow that can be triggered by malformed input. The flaw is a classic overflow in a signed integer calculation, as identified by CWE-190. If an attacker succeeds, the overflow can corrupt internal data structures or cause the server process to terminate, resulting in a denial of service. The impact is loss of availability of the inference service and potential interruption of business operations that rely on real‑time inference.

Affected Systems

The vulnerability applies to NVIDIA Triton Inference Server. Specific affected releases are not enumerated in the CVE record, so all versions should be assumed potentially impacted until a vendor release is confirmed.

Risk and Exploitability

The CVSS score of 7.5 indicates a high level of severity. The EPSS score is not available, but the absence of a KEV listing suggests no known active exploitation at this time. The most likely attack path is via the network exposed inference endpoints, with the attacker crafting a payload that forces the integer overflow. Successful exploitation would lead to a service crash, a classic denial-of-service scenario.

Generated by OpenCVE AI on May 20, 2026 at 04:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update NVIDIA Triton Inference Server to the latest patched version when available
  • Apply strict input validation on inference request payloads to prevent malformed data from triggering integer overflows
  • Implement network-level access controls to restrict access to inference endpoints and monitor for abnormal restarts

Generated by OpenCVE AI on May 20, 2026 at 04:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Wed, 20 May 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 05:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in NVIDIA Triton Inference Server Leading to Denial of Service

Wed, 20 May 2026 04:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-190
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Linux Linux Kernel
Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T12:22:01.858Z

Reserved: 2026-01-21T19:09:34.871Z

Link: CVE-2026-24210

cve-icon Vulnrichment

Updated: 2026-05-20T12:21:58.288Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T04:16:46.690

Modified: 2026-05-20T17:20:33.123

Link: CVE-2026-24210

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T05:00:17Z

Weaknesses