Skip to main content

Triton Inference Server CVE-2026-47479

| EUVDEUVD-2026-44431 HIGH
Uncontrolled Resource Consumption (CWE-400)
2026-07-14 nvidia GHSA-6gfh-7rjr-vfmg
7.5
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable, unauthenticated, low-complexity DoS with availability-only impact; C/I set to N as the flaw is pure resource exhaustion.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:02 vuln.today
CVE Published
Jul 14, 2026 - 19:46 cve.org
HIGH 7.5

DescriptionCVE.org

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.

AnalysisAI

Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resources (CWE-400 uncontrolled resource consumption) and render the AI/ML inference endpoint unavailable, with no impact to confidentiality or integrity. The CVSS 3.1 base score is 7.5 (AV:N/AC:L/PR:N/UI:N/A:H), reflecting network-reachable, low-complexity, no-privilege exploitation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach exposed Triton endpoint (HTTP/gRPC)
Delivery
Send crafted/high-volume inference requests
Exploit
Trigger uncontrolled resource allocation
Execution
Exhaust CPU/memory/threads
Impact
Inference service denial of service

Vulnerability AssessmentAI

Exploitation The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates no special conditions - remote unauthenticated exploitation against network-reachable instances of NVIDIA Triton Inference Server for Linux. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS vector is internally consistent for a DoS: AV:N (network), AC:L (low complexity), PR:N (no privileges), UI:N (no interaction), S:U, with A:H and C:N/I:N - a clean availability-only impact scoring 7.5 (High). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet- or network-exposed Triton endpoint sends a crafted or high-volume sequence of inference/API requests that the server processes without an effective resource bound, driving CPU/memory/thread usage until the service stops responding. Because exploitation requires no authentication and no user interaction (PR:N/UI:N) and is low-complexity (AC:L), the attack is repeatable and cheap; no public exploit code is currently identified, but the low barrier makes independent development straightforward.
Remediation No vendor-released patch version was identified in the provided data, so consult the NVIDIA product security advisory for CVE-2026-47479 (referenced via https://nvd.nist.gov/vuln/detail/CVE-2026-47479) and upgrade Triton Inference Server to the fixed release NVIDIA specifies. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify and inventory all NVIDIA Triton Inference Server instances, document version numbers, implement network-level rate limiting or Web Application Firewall rules to restrict incoming request rates, and activate real-time monitoring and alerting for resource utilization anomalies (CPU, memory, network I/O). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-0087 HIGH
8.8 May 14

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitr

CVE-2024-0100 HIGH
8.1 May 14

NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system fi

CVE-2024-0088 HIGH
8.1 May 14

NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an impro

CVE-2026-24264 HIGH
7.5 Jul 01

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server

CVE-2026-24266 HIGH
7.5 Jul 01

Denial of service in NVIDIA Triton Inference Server for Linux (versions through 26.03) allows a remote attacker to crash

CVE-2023-31036 HIGH POC
7.5 Jan 12

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-de

CVE-2025-33211 HIGH
7.5 Dec 03

NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified

CVE-2025-33201 HIGH
7.5 Dec 03

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exc

CVE-2026-47482 HIGH
7.5 Jul 14

Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host mem

CVE-2026-47480 HIGH
7.5 Jul 14

Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the servic

CVE-2026-47478 HIGH
7.5 Jul 14

Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt avail

CVE-2026-47477 HIGH
7.5 Jul 14

Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachab

Share

CVE-2026-47479 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy