CVE-2026-24158
Received Received - Intake

Denial of Service via Large Payload in NVIDIA Triton HTTP Endpoint

Vulnerability report for CVE-2026-24158, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-24

Last updated on: 2026-03-31

Assigner: NVIDIA Corporation

Description

NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-24
Last Modified
2026-03-31
Generated
2026-07-06
AI Q&A
2026-03-24
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia triton_inference_server to 26.01 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-24158 is a vulnerability in the NVIDIA Triton Inference Server's HTTP endpoint. It occurs when an attacker sends a large compressed payload to the server, which can cause a denial of service (DoS) condition by overwhelming the server's memory allocation."}, {'type': 'paragraph', 'content': 'This vulnerability is related to CWE-789, which involves problems with memory allocation due to excessive size values.'}] [2]

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition on the NVIDIA Triton Inference Server. An attacker can remotely exploit this issue without any privileges or user interaction, causing the server to become unavailable.

This means that the availability of the service is severely affected, potentially disrupting any applications or services relying on the Triton Inference Server.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24158. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart