Nvidia CVE-2026-24174

EUVD: EUVD-2026-19757 · HIGH
Incorrect Conversion between Numeric Types (CWE-681)
2026-04-07 nvidia
7.5
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

Lifecycle Timeline

4 events:

  • Apr 16, 2026 - 17:22 (vuln.today): Re-analysis Queued (cvss_changed)
  • Apr 07, 2026 - 18:00 (euvd): EUVD ID Assigned (EUVD-2026-19757)
  • Apr 07, 2026 - 18:00 (vuln.today): Analysis Generated
  • Apr 07, 2026 - 17:12 (nvd): CVE Published (HIGH 7.5)

Description (CVE.org)

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.

Analysis (AI)

Remote denial of service in NVIDIA Triton Inference Server (all versions prior to r26.02) allows unauthenticated attackers to crash the server via malformed requests. The vulnerability has a CVSS score of 7.5 with network-accessible attack vector and low complexity, requiring no privileges or user interaction. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Craft malformed request packet
  • Delivery: Send to Triton Inference Server network port
  • Exploit: Trigger input validation failure
  • Execution: Crash server process
  • Impact: Achieve denial of service

Vulnerability Assessment (AI)

Exploitation: No special conditions — remote unauthenticated attacker can crash NVIDIA Triton Inference Server by sending a malformed request to the default inference endpoint. …

Risk Assessment: Real-world risk is moderate to high for production deployments. …

Exploit Scenario: An unauthenticated remote attacker identifies an internet-exposed NVIDIA Triton Inference Server endpoint (common in cloud-hosted ML inference APIs). The attacker crafts HTTP/gRPC requests with malformed numeric fields that trigger the CWE-681 conversion error, such as sending oversized integers, negative values in unsigned fields, or type-mismatched payloads to inference endpoints. …

Remediation: Upgrade immediately to NVIDIA Triton Inference Server release r26.02 or later, which addresses the malformed request handling flaw. …

Recommended Action (AI)

Within 24 hours: Identify all Triton Inference Server deployments and document current versions; isolate internet-facing instances behind a Web Application Firewall (WAF) with request validation rules. …

CVE-2026-24174 vulnerability details – vuln.today