{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24146", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "state": "PUBLISHED", "assignerShortName": "nvidia", "dateReserved": "2026-01-21T19:09:27.438Z", "datePublished": "2026-04-07T17:11:54.812Z", "dateUpdated": "2026-04-07T19:18:08.817Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-07T17:11:54.812Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "platforms": ["All"], "versions": [{"status": "affected", "version": "All versions prior to r26.02"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.", "supportingMedia": [{"type": "text/html", "base64": true, "value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service."}]}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24146"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24146"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "NVIDIA PSIRT"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T19:17:50.274889Z", "id": "CVE-2026-24146", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T19:18:08.817Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24146", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T19:17:50.274889Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T19:18:00.482Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Denial of service"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NVIDIA", "product": "Triton Inference Server", "versions": [{"status": "affected", "version": "All versions prior to r26.02"}], "platforms": ["All"], "defaultStatus": "unaffected"}], "references": [{"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24146"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2026-24146"}, {"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"}], "x_generator": {"engine": "NVIDIA PSIRT"}, "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.", "supportingMedia": [{"type": "text/html", "value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.", "base64": true}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789 Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "shortName": "nvidia", "dateUpdated": "2026-04-07T17:11:54.812Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24146", "state": "PUBLISHED", "dateUpdated": "2026-04-07T19:18:08.817Z", "dateReserved": "2026-01-21T19:09:27.438Z", "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6", "datePublished": "2026-04-07T17:11:54.812Z", "assignerShortName": "nvidia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service."}], "id": "CVE-2026-24146", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "psirt@nvidia.com", "type": "Secondary"}]}, "published": "2026-04-07T18:16:39.347", "references": [{"source": "psirt@nvidia.com", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24146"}, {"source": "psirt@nvidia.com", "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5816"}, {"source": "psirt@nvidia.com", "url": "https://www.cve.org/CVERecord?id=CVE-2026-24146"}], "sourceIdentifier": "psirt@nvidia.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "psirt@nvidia.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["all"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,r26.02)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Triton Inference Server", "source": "cna", "vendor": "NVIDIA"}, "product": "triton_inference_server", "vendor": "nvidia"}], "analysis": {"en": {"generated_at": "2026-04-07T22:03:24.390877+00:00", "value": {"mitigation_remediation": ["Apply the latest NVIDIA Triton Inference Server patch or upgrade to a newer release when available.", "Confirm whether your deployment is vulnerable by contacting NVIDIA support or reviewing release notes.", "Implement input size restrictions or validate inference requests to prevent large payloads from causing resource exhaustion.", "Monitor server stability and log for crashes, and apply rate limiting as a temporary measure."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All versions of NVIDIA Triton Inference Server may be affected. The CNA list only includes the vendor/product; no specific version information is provided. Users should verify their deployment against NVIDIA documentation or support channels.", "description_and_impact": "The vulnerability in NVIDIA Triton Inference Server arises from insufficient input validation coupled with the ability to request a large number of outputs. This weakness can cause the server process to crash, preventing it from responding to legitimate inference requests. The core issue aligns with CWE\u2011789, leading to a denial of service without impacting data confidentiality or integrity.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high risk, while the EPSS score is unavailable, making it hard to gauge exploitation frequency. The vulnerability is not in the CISA KEV catalog. Based on the description, the likely attack vector involves sending a crafted inference request with a large payload or many outputs to exhaust resources and trigger a crash. Precise prerequisites or attack vector details are inferred from the description."}}}}, "created": "2026-04-08T19:36:27.186282+00:00", "title": "Denial of Service in NVIDIA Triton Inference Server Due to Insufficient Input Validation", "updated": "2026-04-08T19:47:23.639253+00:00", "vendors": ["nvidia", "nvidia$PRODUCT$triton_inference_server"]}