Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.
AnalysisAI
NVIDIA Triton Inference Server crashes when processing inference requests with insufficient input validation combined with large output counts, enabling remote denial of service without authentication (CVSS 7.5, EPSS data not available). The vulnerability affects all versions prior to r26.02, with no public exploit identified at time of analysis. Unauthenticated remote attackers can exploit this flaw with low complexity (AV:N/AC:L/PR:N) to completely disrupt machine learning inference services.
Technical ContextAI
NVIDIA Triton Inference Server is an open-source inference serving platform that provides GPU-accelerated deployment of AI models across frameworks including TensorFlow, PyTorch, and ONNX. This vulnerability is classified as CWE-789 (Memory Allocation with Excessive Size Value), indicating the server fails to properly validate input parameters before allocating resources for inference outputs. When an attacker crafts requests specifying excessively large output dimensions, the insufficient bounds checking allows memory allocation attempts that exceed safe thresholds, triggering a server crash. The affected component is cpe:2.3:a:nvidia:triton_inference_server, which processes inference requests over network protocols (HTTP/gRPC). The lack of input sanitization on output size parameters represents a fundamental input validation failure in the request handling pipeline, where untrusted user-controlled data directly influences resource allocation decisions without proper constraint enforcement.
RemediationAI
Upgrade NVIDIA Triton Inference Server to version r26.02 or later, which contains input validation improvements that properly constrain output size parameters and prevent excessive memory allocation attempts. Download the patched release from NVIDIA NGC (nvcr.io/nvidia/tritonserver:26.02-py3) or build from the corresponding GitHub release tag if using a custom deployment. For environments unable to immediately upgrade, implement network-level rate limiting and request size restrictions on Triton's HTTP (default port 8000) and gRPC (default port 8001) endpoints to mitigate exploitation attempts, though this provides only partial protection against crafted low-volume attacks. Review and restrict network access to inference endpoints using firewall rules or service mesh policies, limiting exposure to trusted clients only. Monitor server logs for abnormal termination events and unusual output dimension values in inference requests. Complete remediation guidance and version-specific patches are documented in NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5816.
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19749