{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24174", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:31.777Z", "datePublished": "2026-04-07T17:12:42.500Z", "dateUpdated": "2026-04-08T18:48:16.855Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-07T17:12:42.500Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-681", "description": "CWE-681 Incorrect Conversion between Numeric Types", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to r26.02"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24174"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24174"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T18:48:05.742558Z", "id": "CVE-2026-24174", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T18:48:16.855Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24174", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T18:48:05.742558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T18:48:10.979Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "versions": [{"status": "affected", "version": "All versions prior to r26.02"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24174"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24174"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-681", "description": "CWE-681 Incorrect Conversion between Numeric Types"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-07T17:12:42.500Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24174", "state": "PUBLISHED", "dateUpdated": "2026-04-08T18:48:16.855Z", "dateReserved": "2026-01-21T19:09:31.777Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-04-07T17:12:42.500Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "D065C964-D751-4288-96A0-0E0E87AF886A", "versionEndExcluding": "26.02", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service."}], "id": "CVE-2026-24174", "lastModified": "2026-04-16T16:59:40.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-04-07T18:16:39.923", "references": [{"source": "psirt@nvidia.com", "tags": ["US Government Resource"], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24174"}, {"source": "psirt@nvidia.com", "tags": ["Vendor Advisory"], "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"}, {"source": "psirt@nvidia.com", "tags": ["Third Party Advisory"], "url": "https://www.cve.org/CVERecord?id=CVE-2026-24174"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-681"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,r26.02)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Triton Inference Server", "source": "cna", "vendor": "NVIDIA"}, "product": "triton_inference_server", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-04-07T22:02:46.738611+00:00", "value": {"mitigation_remediation": ["Check NVIDIA\u2019s support portal or website for an official patch or update for Triton Inference Server.", "Apply the released patch or upgrade to the latest supported version as soon as it becomes available.", "If no patch is yet available, isolate the inference server behind a firewall or access control solution and restrict inbound connections to trusted hosts.", "Consider implementing input validation or rate limiting on the service to mitigate the impact of malformed requests while a fix is pending.", "Restart the Triton Inference Server after any crash to restore service availability temporarily."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects NVIDIA Triton Inference Server. No specific version information is provided in the advisory, so all currently released versions may be impacted until a vendor fix is issued.", "description_and_impact": "A malformed request sent to NVIDIA Triton Inference Server can cause the service to crash, resulting in a denial of service. This issue corresponds to CWE\u2011681, indicating a misuse of arithmetic operations that leads to uncontrolled behavior. The impact is a loss of availability of the inference server for all clients using that instance.", "risk_and_exploitability": "The CVSS score of 7.5 indicates moderate to high severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation to date. The likely attack vector is remote, through a malformed request that an attacker could send over the network. This can be performed without special privileges on an exposed server, making the vulnerability reasonably easy to exploit in accessible environments."}}}}, "created": "2026-04-08T19:35:07.066607+00:00", "title": "Denial of Service via Malformed Request to NVIDIA Triton Inference Server", "updated": "2026-04-08T19:47:20.284613+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$triton_inference_server"]}