Skip to main content

Nvidia CVE-2026-24173

| EUVDEUVD-2026-19755 HIGH
Integer Overflow or Wraparound (CWE-190)
2026-04-07 nvidia
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 16, 2026 - 17:22 vuln.today
cvss_changed
EUVD ID Assigned
Apr 07, 2026 - 18:00 euvd
EUVD-2026-19755
Analysis Generated
Apr 07, 2026 - 18:00 vuln.today
CVE Published
Apr 07, 2026 - 17:12 nvd
HIGH 7.5

DescriptionCVE.org

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.

AnalysisAI

Integer overflow in NVIDIA Triton Inference Server allows unauthenticated remote attackers to crash the server through malformed requests, causing denial of service. All versions prior to r26.02 are affected. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS and KEV data not provided; no public exploit identified at time of analysis. Organizations running Triton Inference Server for ML model deployment should prioritize patching to prevent service disruption.

Technical ContextAI

NVIDIA Triton Inference Server is an open-source inference serving platform for deploying machine learning models at scale. This vulnerability stems from an integer overflow weakness (CWE-190), where arithmetic operations on integer values can wrap around beyond maximum or minimum representable values. When processing network requests, the server fails to properly validate or bound certain integer calculations, allowing specially crafted malformed requests to trigger overflow conditions. The affected component is cpe:2.3:a:nvidia:triton_inference_server, indicating the core server application across all deployment configurations. Integer overflows in network-facing services typically occur during buffer size calculations, memory allocation routines, or protocol parsing logic, potentially causing crashes through memory corruption or assertion failures when the resulting invalid values propagate through the system.

RemediationAI

Upgrade to NVIDIA Triton Inference Server release r26.02 or later, which contains fixes for the integer overflow vulnerability. Download the patched version from the official NVIDIA NGC catalog or GitHub repository at github.com/triton-inference-server/server. For containerized deployments, pull updated container images tagged r26.02 or newer from nvcr.io/nvidia/tritonserver. Verify the patch by checking the release version post-upgrade. As a temporary mitigation for environments where immediate patching is not feasible, implement network-level controls to restrict Triton server access to trusted clients only using firewall rules, authentication proxies, or network segmentation. Deploy request validation and rate limiting at the load balancer or API gateway layer to filter malformed requests before they reach the inference server. Monitor server logs for unusual crash patterns or repeated connection attempts with malformed data. Consult the complete remediation guidance in NVIDIA's security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5816 for additional mitigation strategies and deployment-specific recommendations.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2026-24173 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy