CVE-2026-24175
Denial of Service via Malformed Header in NVIDIA Triton Server
Publication date: 2026-04-07
Last updated on: 2026-04-16
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | triton_inference_server | to 26.02 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-248 | An exception is thrown from a function, but it is not caught. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24175 is a vulnerability in the NVIDIA Triton Inference Server where an attacker can cause the server to crash by sending a malformed request header.
This vulnerability is classified under CWE-248 (Uncaught Exception) and can be exploited remotely without any privileges or user interaction.
The impact of this vulnerability is a denial of service (DoS) condition, affecting the availability of the server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability causes a denial of service (DoS) by crashing the NVIDIA Triton Inference Server when a malformed request header is sent. It impacts availability only and does not affect confidentiality or integrity.
Since the vulnerability does not compromise data confidentiality or integrity, it does not directly lead to violations of data protection regulations such as GDPR or HIPAA, which primarily focus on protecting personal data privacy and integrity.
However, the availability impact could affect compliance if the service outage prevents timely access to data or services required under these regulations.
How can this vulnerability impact me? :
This vulnerability can lead to a denial of service (DoS) on the NVIDIA Triton Inference Server by causing it to crash.
An attacker can exploit this remotely without any privileges or user interaction, potentially making the server unavailable and disrupting services that depend on it.
There is no impact on confidentiality or integrity, only on availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an attacker sending a malformed request header to the NVIDIA Triton Inference Server causing a server crash. Detection would involve monitoring for unusual or malformed request headers targeting the Triton Inference Server.
Specific commands or detection signatures are not provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The available information does not specify immediate mitigation steps such as patches, configuration changes, or workarounds.
General best practices would include restricting network access to the NVIDIA Triton Inference Server, monitoring for abnormal traffic, and applying any official patches or updates from NVIDIA once available.