CVE-2026-24173
Received Received - Intake
Denial of Service via Malformed Request in NVIDIA Triton Server

Publication date: 2026-04-07

Last updated on: 2026-04-16

Assigner: NVIDIA Corporation

Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-24173
EUVD
EUVD-2026-19755
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nvidia triton_inference_server to 26.02 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

This vulnerability causes a denial of service (DoS) by crashing the NVIDIA Triton Inference Server when a malformed request is sent. It does not impact confidentiality or integrity of data.

Since the vulnerability does not affect data confidentiality or integrity, it is unlikely to directly cause non-compliance with standards like GDPR or HIPAA that focus on protecting personal or sensitive data.

However, the denial of service could impact availability, which is a component of some compliance frameworks. Organizations relying on the affected server for critical services might face availability issues, potentially affecting compliance with availability requirements.

Detection Guidance

This vulnerability in NVIDIA Triton Inference Server can be detected by monitoring for server crashes or denial of service conditions triggered by malformed requests sent to the server.

Since the vulnerability is caused by malformed requests leading to a crash, detection could involve capturing and analyzing network traffic to identify unusual or malformed requests targeting the Triton Inference Server.

No specific detection commands or signatures are provided in the available information.

Mitigation Strategies

Immediate mitigation steps are not explicitly detailed in the provided information.

General best practices would include restricting network access to the NVIDIA Triton Inference Server to trusted sources, monitoring for unusual traffic patterns, and applying any available patches or updates from NVIDIA once released.

Executive Summary

CVE-2026-24173 is a vulnerability in the NVIDIA Triton Inference Server where an attacker can cause the server to crash by sending a malformed request.

This vulnerability is classified as an Integer Overflow or Wraparound weakness (CWE-190).

The attack can be performed remotely over the network without requiring any privileges or user interaction.

Impact Analysis

A successful exploit of this vulnerability can cause a denial of service (DoS) condition by crashing the NVIDIA Triton Inference Server.

This results in a high impact on the availability of the affected server, potentially disrupting services that rely on it.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24173. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart