CVE-2026-24147 — Path Traversal in Nvidia Triton Inference Server

CWE-22 — Path Traversal4 documents4 sources

Severity

4.8MEDIUMNVD

EPSS

0.1%

top 79.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Triton Inference Server

Timeline

PublishedApr 7

Description

NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages1 packages

▶CVEListV5nvidia/triton_inference_serverAll versions prior to r26.02

🔴Vulnerability Details

GHSA

GHSA-j364-q6wp-mwj2: NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model co↗2026-04-07

▶

CVEList

CVE-2026-24147: NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model co↗2026-04-07

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24147 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶