CVE-2026-24173
Denial of Service via Malformed Request in NVIDIA Triton Server
Publication date: 2026-04-07
Last updated on: 2026-04-16
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | triton_inference_server | to 26.02 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability in NVIDIA Triton Inference Server can be detected by monitoring for server crashes or denial of service conditions triggered by malformed requests sent to the server.
Since the vulnerability is caused by malformed requests leading to a crash, detection could involve capturing and analyzing network traffic to identify unusual or malformed requests targeting the Triton Inference Server.
No specific detection commands or signatures are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not explicitly detailed in the provided information.
General best practices would include restricting network access to the NVIDIA Triton Inference Server to trusted sources, monitoring for unusual traffic patterns, and applying any available patches or updates from NVIDIA once released.
Can you explain this vulnerability to me?
CVE-2026-24173 is a vulnerability in the NVIDIA Triton Inference Server where an attacker can cause the server to crash by sending a malformed request.
This vulnerability is classified as an Integer Overflow or Wraparound weakness (CWE-190).
The attack can be performed remotely over the network without requiring any privileges or user interaction.
How can this vulnerability impact me? :
A successful exploit of this vulnerability can cause a denial of service (DoS) condition by crashing the NVIDIA Triton Inference Server.
This results in a high impact on the availability of the affected server, potentially disrupting services that rely on it.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes a denial of service (DoS) by crashing the NVIDIA Triton Inference Server when a malformed request is sent. It does not impact confidentiality or integrity of data.
Since the vulnerability does not affect data confidentiality or integrity, it is unlikely to directly cause non-compliance with standards like GDPR or HIPAA that focus on protecting personal or sensitive data.
However, the denial of service could impact availability, which is a component of some compliance frameworks. Organizations relying on the affected server for critical services might face availability issues, potentially affecting compliance with availability requirements.