Description
NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-05-20
Score: 5.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Triton Inference Server contains a flaw in its DALI backend that allows an attacker to cause uncontrolled resource consumption. The flaw can lead to denial of service by exhausting memory or CPU resources. This weakness is classified as CWE-400, indicating that the system does not adequately limit resource usage when processing input from potentially untrusted sources.

Affected Systems

The affected product is NVIDIA Triton Inference Server. The specific vendors and product name are NVIDIA Triton Inference Server; no version information was supplied, so administrators should verify all running instances against NVIDIA's advisory for patched releases.

Risk and Exploitability

The CVSS score of 5.7 indicates moderate severity. Because the EPSS score is not available, the likelihood of exploitation cannot be quantified, and the vulnerability is not listed in CISA's KEV catalog, the risk is considered modest. The attack vector is not explicitly defined in the description, but the likely scenario is that a malicious client could send specially crafted requests to the DALI backend, inducing the server to consume excessive resources. Successful exploitation would result in a denial of service affecting all users of the inference service.

Generated by OpenCVE AI on May 20, 2026 at 04:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Triton Inference Server patch or upgrade to a version that contains the fix for the DALI backend issue.
  • Configure resource limits and quotas for the DALI backend to cap memory and CPU usage, preventing exhaustion during high-load scenarios.
  • Implement rate limiting or request throttling, and monitor resource usage so that abnormal consumption patterns can be detected and mitigated promptly.

Generated by OpenCVE AI on May 20, 2026 at 04:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

Wed, 20 May 2026 06:15:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia triton Inference Server
Vendors & Products Nvidia
Nvidia triton Inference Server

Wed, 20 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Uncontrolled Resource Consumption in NVIDIA Triton Inference Server DALI Backend Leading to DoS

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server contains a vulnerability in the DALI backend, where an attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}

Subscriptions

Nvidia Triton Inference Server
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T15:45:12.551Z

Reserved: 2026-01-21T19:09:35.634Z

Link: CVE-2026-24215

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-20T04:16:47.373

Modified: 2026-05-20T17:19:31.883

Link: CVE-2026-24215

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T06:00:09Z

Weaknesses