{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24158", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:29.851Z", "datePublished": "2026-03-24T20:26:28.640Z", "dateUpdated": "2026-03-25T14:27:11.988Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:26:28.640Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to 26.01"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24158"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24158"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:24:10.152143Z", "id": "CVE-2026-24158", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:27:11.988Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24158", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:24:10.152143Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:24:14.793Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of Service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "versions": [{"status": "affected", "version": "All versions prior to 26.01"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24158"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24158"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-03-24T20:26:28.640Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24158", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:27:11.988Z", "dateReserved": "2026-01-21T19:09:29.851Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-03-24T20:26:28.640Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0D7A8AF-02D2-48AF-8F19-07020D3DA704", "versionEndExcluding": "26.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability in the HTTP endpoint where an attacker may cause a denial of service by providing a large compressed payload. A successful exploit of this vulnerability may lead to denial of service."}, {"lang": "es", "value": "NVIDIA Triton Inference Server contiene una vulnerabilidad en el endpoint HTTP donde un atacante puede causar una denegaci\u00f3n de servicio al proporcionar una carga \u00fatil comprimida grande. Un exploit exitoso de esta vulnerabilidad puede conducir a una denegaci\u00f3n de servicio."}], "id": "CVE-2026-24158", "lastModified": "2026-03-31T01:29:00.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-03-24T21:16:27.997", "references": [{"source": "psirt@nvidia.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24158"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5790"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-24158"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.01)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Triton Inference Server", "source": "cna", "vendor": "NVIDIA"}, "product": "triton_inference_server", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-03-31T06:07:57.540970+00:00", "value": {"mitigation_remediation": ["Check whether NVIDIA Triton Inference Server is deployed in your environment", "Restrict access to the HTTP endpoint to trusted networks or IP ranges", "Apply any official NVIDIA patch or update as soon as it is released", "If no patch is available, disable the HTTP endpoint or restart the service during maintenance windows to mitigate temporary impact", "Monitor server logs for unusually large compressed requests and set alerts for potential abuse"], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects NVIDIA Triton Inference Server. The affected products are those that expose the HTTP endpoint, and while specific vulnerable releases are not listed, it is inferred that any version of Triton that supports the HTTP API may be susceptible.", "description_and_impact": "A large compressed payload sent to the HTTP endpoint of NVIDIA Triton Inference Server can cause excessive memory or resource consumption, leading to the service becoming unresponsive and denying legitimate traffic. This resource exhaustion issue is classified under CWE-789 (Uncontrolled Resource Consumption). The result is a denial of service that can affect any application relying on the inference service.", "risk_and_exploitability": "The issue carries a CVSS score of 7.5, indicating high severity, but the EPSS rate is below 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting a low likelihood of exploitation at present. The attack vector is remote, via the publicly accessible HTTP interface; an attacker can send an oversized compressed request to trigger resource exhaustion. If exploited, the server may crash or become unresponsive, leading to service disruption until it is manually restarted or patched."}}}}, "created": "2026-03-25T11:45:56.227477+00:00", "updated": "2026-03-31T20:09:20.974752+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$triton_inference_server"]}