Description
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-07-01
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. This improper handling can cause the server to consume excessive resources or crash, resulting in a denial of service to legitimate users. The weakness is classified as CWE‑409, which covers improper removal of or insufficient validation of externally supplied data.

Affected Systems

The vulnerable product is NVIDIA Triton Inference Server running on Linux. No specific version range is provided in the advisory, so all installations of Triton that have not yet applied any official patch should be considered potentially impacted.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity. Because EPSS data is unavailable, the likelihood of exploitation cannot be quantified, but the risk remains significant. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, deployed by an attacker who can send specially crafted, highly compressed inputs to the Triton inference endpoint. Successful exploitation would likely lead to a halt of inference services for all users on the impacted instance.

Generated by OpenCVE AI on July 1, 2026 at 19:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Triton Inference Server version that contains the vendor’s fix
  • Restrict network access to the Triton inference endpoint to trusted hosts or networks and enforce authentication
  • Implement resource limits or throttling on incoming inference of unusually large or compressed payloads

Generated by OpenCVE AI on July 1, 2026 at 19:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Title Improper Handling of Highly Compressed Data in NVIDIA Triton Inference Server Leading to Denial of Service

Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause improper handling of highly compressed data. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-409
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-07-01T15:55:16.556Z

Reserved: 2026-01-21T19:09:49.054Z

Link: CVE-2026-24264

cve-icon Vulnrichment

Updated: 2026-07-01T15:55:11.648Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T19:45:04Z

Weaknesses
  • CWE-409

    Improper Handling of Highly Compressed Data (Data Amplification)