Skip to main content

Triton Inference Server EUVDEUVD-2026-41026

| CVE-2026-24266 MEDIUM
Use After Free (CWE-416)
2026-07-01 nvidia GHSA-2p66-jqj6-xc58
5.9
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.9 MEDIUM

Network-reachable UAF with no auth required, but high complexity to trigger reliably; impact is availability-only with no confidentiality or integrity consequence.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 01, 2026 - 16:06 vuln.today
CVE Published
Jul 01, 2026 - 15:11 cve.org
MEDIUM 5.9

DescriptionCVE.org

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause a use-after-free issue. A successful exploit of this vulnerability might lead to denial of service.

AnalysisAI

Use-after-free memory corruption in NVIDIA Triton Inference Server on Linux enables remote attackers to crash the inference service. The vulnerability requires no authentication and no user interaction, but high attack complexity (CVSS AC:H) limits opportunistic exploitation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach Triton network endpoint
Delivery
Send crafted inference requests
Exploit
Trigger use-after-free in server memory
Execution
Corrupt heap state
Persist
Crash Triton process
Impact
Inference service denied

Vulnerability AssessmentAI

Exploitation No authentication is required (CVSS PR:N) and no user interaction is needed (CVSS UI:N), but CVSS AC:H confirms that exploitation requires overcoming high attack complexity - likely a race condition, heap grooming, or precise request sequencing to trigger the use-after-free reliably. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS base score of 5.9 (Medium) reflects a genuine tension between network reachability (AV:N, PR:N, UI:N) and high attack complexity (AC:H) with availability-only impact (A:H, C:N, I:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An unauthenticated remote attacker sends a sequence of crafted inference requests to a Triton server's network endpoint, triggering a race condition or specific memory deallocation sequence that causes the server to reference freed heap memory. The resulting use-after-free corrupts internal state and terminates the Triton process, denying inference service to all downstream clients. …
Remediation Consult the NVIDIA Product Security advisory at https://github.com/NVIDIA/product-security/tree/main/2026/5848 for the vendor-released patch and exact fixed version - no specific fix version was confirmed in the available source data at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-33211 HIGH
7.5 Dec 03

NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified

CVE-2025-33201 HIGH
7.5 Dec 03

NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exc

CVE-2026-24264 HIGH
7.5 Jul 01

Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server

CVE-2025-33202 MEDIUM
6.5 Nov 11

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where an attacker could cause a stack over

CVE-2025-23336 MEDIUM
4.4 Sep 17

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause a denial of

CVE-2025-23329 HIGH
7.5 Sep 17

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause memory corru

CVE-2025-23328 HIGH
7.5 Sep 17

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bo

CVE-2025-23316 CRITICAL
9.8 Sep 17

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

CVE-2025-23268 HIGH
8.0 Sep 17

NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper inpu

CVE-2025-23335 MEDIUM
4.4 Aug 06

NVIDIA Triton Inference Server for Windows and Linux and the Tensor RT backend contain a vulnerability where an attacker

CVE-2025-23334 MEDIUM
5.9 Aug 06

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

CVE-2025-23333 MEDIUM
5.9 Aug 06

NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability in the Python backend, where an attacker c

Share

EUVD-2026-41026 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy