CVE-2023-31036 HIGH

CVE-2023-31036: CVE

Vendor Nvidia
Product Triton Inference Server
Weakness CWE-23
Published January 12, 2024
Last update June 17, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Key dates

02Disclosure timeline

January 12, 2024 CVE published
June 17, 2025 Record updated