High-Severity CVE-2026-24173 Exposes NVIDIA Triton Inference Server to Denial of Service

What Happened

NVIDIA has disclosed a critical vulnerability affecting its Triton Inference Server, identified as CVE-2026-24173. This issue was discovered on October 5, 2026, during routine code auditing and security assessments carried out by NVIDIA's internal security team. The vulnerability resides in the server's request handling mechanism, which can be exploited by sending specially crafted, malformed requests. This ultimately causes the server to crash, leading to a Denial of Service (DoS).

The incident raises significant concerns for organizations relying on NVIDIA’s machine learning deployment solutions, particularly those utilizing NVIDIA Triton Inference Server for AI model serving and inferences. The vulnerability has been given a CVSS score of 7.5, classifying it as high severity due to the potential impact on service availability.

Technical Details

CVE-2026-24173 is a vulnerability located in the request parsing logic within the NVIDIA Triton Inference Server. Specifically, it arises from improper handling of malformed input data, allowing attackers to cause unregulated memory consumption, resulting in a server crash. This vulnerability is due to the lack of adequate input validation mechanisms in place.

The affected versions of the Triton Inference Server include all releases prior to version 2.17.0. The criticality of this flaw is underscored by the CVSS 7.5 score, which suggests that it can be exploited remotely by unauthenticated attackers with low complexity.

Indicators of Compromise (IOCs) include a pattern of repeated malformed requests in server logs, unexpected server reboots, or crashes, which provide visibility into potential exploitation attempts. It is recommended to closely monitor network traffic and logs for irregular or abnormal patterns that may indicate probing or exploitation activities.

Impact

Organizations using the affected versions of the NVIDIA Triton Inference Server face a severe risk of service disruption. Such interruptions can cause significant operational impacts, particularly for industries relying on real-time AI and machine learning-based inference services. A successful denial of service attack could lead to downtime of critical applications, affecting everything from autonomous vehicles to financial models, and severely impacting an organization’s operational capabilities.

There are no indications that this vulnerability has been exploited in the wild, but stakeholders are advised to take immediate action to secure their systems.

What To Do

• Upgrade to NVIDIA Triton Inference Server version 2.17.0 or later as soon as possible to secure the environment against this vulnerability.
• Input Validation: Implement robust input validation mechanisms on the server to prevent malformed requests from causing system errors.
• Monitor Logs: Regularly review server logs for evidence of unusual or malicious request patterns that could indicate an attempted exploit.
• Network Security: Apply network-based protection measures such as firewalls or intrusion detection systems (IDS) to filter out known attack patterns.
• Incident Response Planning: Develop and maintain an incident response plan to quickly address and mitigate any service disruptions caused by this vulnerability.

By executing these steps, organizations can bolster their defenses against potential exploit attempts targeting the NVIDIA Triton Inference Server. Ensuring system updates and enhancements to request handling logic can help protect AI service availability and prevent financial and reputational damage originating from a successful attack.