Description
NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-07-01
Score: 5.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free flaw exists in NVIDIA Triton Inference Server for Linux that allows an attacker to trigger memory corruption by sending the vulnerability is successfully exploited, the affected process can crash or become unresponsive, thereby denying legitimate users access to the inference service. The weakness aligns with CWE‑416, where a deallocated memory region is accessed after it has been freed.

Affected Systems

The vulnerability targets NVIDIA Triton Inference Server running on Linux. No version specifics are provided, so all current deployments may be susceptible until a patched release is applied.

Risk and Exploitability

The CVSS score of 5.9 indicates moderate severity. EPSS is not available, and the flaw is not listed in CISA’s KEV catalog, suggesting limited public exploitation data. The likely attack vector involves remote delivery of malformed inference requests, requiring network reachability to the Triton endpoint; the exact conditions are not disclosed, so the exploit risk is inferred from the nature of use‑after‑free attacks in similar contexts.

Generated by OpenCVE AI on July 1, 2026 at 19:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Triton Inference Server release that contains the vendor’s fix
  • Restrict external traffic to the inference endpoint using firewalls or reverse proxies so that only trusted clients can communicate
  • Configure health‑check or monitoring to detect service crashes and automatically restart the process when it stops
  • Implement input validation or size checks in any custom inference code to reduce the chance of sending malformed data

Generated by OpenCVE AI on July 1, 2026 at 19:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Jul 2026 20:00:00 +0000

Type Values Removed Values Added
Title Use‑After‑Free on NVIDIA Triton Inference Server Leading to Denial of Service

Wed, 01 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Description NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-07-01T15:55:42.553Z

Reserved: 2026-01-21T19:09:49.054Z

Link: CVE-2026-24266

cve-icon Vulnrichment

Updated: 2026-07-01T15:55:39.245Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-01T19:45:04Z

Weaknesses