Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.
AnalysisAI
Integer overflow in NVIDIA Triton Inference Server allows unauthenticated remote attackers to crash the server through malformed requests, causing denial of service. All versions prior to r26.02 are affected. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS and KEV data not provided; no public exploit identified at time of analysis. Organizations running Triton Inference Server for ML model deployment should prioritize patching to prevent service disruption.
Technical ContextAI
NVIDIA Triton Inference Server is an open-source inference serving platform for deploying machine learning models at scale. This vulnerability stems from an integer overflow weakness (CWE-190), where arithmetic operations on integer values can wrap around beyond maximum or minimum representable values. When processing network requests, the server fails to properly validate or bound certain integer calculations, allowing specially crafted malformed requests to trigger overflow conditions. The affected component is cpe:2.3:a:nvidia:triton_inference_server, indicating the core server application across all deployment configurations. Integer overflows in network-facing services typically occur during buffer size calculations, memory allocation routines, or protocol parsing logic, potentially causing crashes through memory corruption or assertion failures when the resulting invalid values propagate through the system.
RemediationAI
Upgrade to NVIDIA Triton Inference Server release r26.02 or later, which contains fixes for the integer overflow vulnerability. Download the patched version from the official NVIDIA NGC catalog or GitHub repository at github.com/triton-inference-server/server. For containerized deployments, pull updated container images tagged r26.02 or newer from nvcr.io/nvidia/tritonserver. Verify the patch by checking the release version post-upgrade. As a temporary mitigation for environments where immediate patching is not feasible, implement network-level controls to restrict Triton server access to trusted clients only using firewall rules, authentication proxies, or network segmentation. Deploy request validation and rate limiting at the load balancer or API gateway layer to filter malformed requests before they reach the inference server. Monitor server logs for unusual crash patterns or repeated connection attempts with malformed data. Consult the complete remediation guidance in NVIDIA's security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5816 for additional mitigation strategies and deployment-specific recommendations.
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19755