CVE-2026-24158
Denial of Service via Large Payload in NVIDIA Triton HTTP Endpoint
Publication date: 2026-03-24
Last updated on: 2026-03-31
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | triton_inference_server | to 26.01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-24158 is a vulnerability in the NVIDIA Triton Inference Server's HTTP endpoint. It occurs when an attacker sends a large compressed payload to the server, which can cause a denial of service (DoS) condition by overwhelming the server's memory allocation."}, {'type': 'paragraph', 'content': 'This vulnerability is related to CWE-789, which involves problems with memory allocation due to excessive size values.'}] [2]
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS) condition on the NVIDIA Triton Inference Server. An attacker can remotely exploit this issue without any privileges or user interaction, causing the server to become unavailable.
This means that the availability of the service is severely affected, potentially disrupting any applications or services relying on the Triton Inference Server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know