• Support request cancellation in gRPC C++ client.
• Added support for GPU_DEVICE_IDS in the vLLM backend to allow loading multi-GPU models on specific GPUs.
• Fixed memory inefficiency in gRPC BYTES input handling.
• Improved memory management in HTTP request decompression.
• Fixed memory inefficiency caused by duplicate output names in inference requests.
• Improved JSON input handling in HTTP requests.
• Fixed a server crash in SageMaker request processing.
• Fixed uncaught exception in Model Repository Load API.
• Prevented Triton reserved parameter keys being overwritten by forwarded request headers.
• Prevented memory exhaustion by capping HTTP request total chunks at 65536.
• Azure Managed Identity: Added Azure Managed Identity authentication support for Azure Storage model repositories, so Triton can load models from Azure without static credentials.
• Rust client: Added a Rust gRPC client library to the supported client languages.
• HTTP frontend hardening: Capped chunked HTTP request chunk count at 65536 to prevent memory exhaustion, prevented memory retention on failed compressed HTTP requests, pre-allocated the serialized buffer for gRPC BYTES input, and made deeply nested JSON in repository index requests safe by switching the parser to iterative mode.
• Reserved parameter keys: Triton now rejects inference requests whose parameters or forward headers use Triton-reserved keys; the Python client enforces the same rejection on the send side.
• Duplicate output names: Triton validates and rejects inference requests that contain duplicate output names in both HTTP and gRPC.
• Wheel platform tags: The tritonserver, tritonfrontend, and Python client wheels now carry arch-specific manylinux platform tags via auditwheel repair, so pip selects the correct wheel on each architecture.
• Container/SDK build: Added auditwheel to the Dockerfile.sdk sdk_build stage and to the Model Analyzer devel container to support arch-specific manylinux wheel tagging.
• Robustness fixes: Safer handling of filesystem exceptions across core, server, and client; fixed a RequestTracker counter mismatch; fixed a null pointer dereference in SageMaker server logging; and avoided reusing a closed file descriptor in the server.
• TritonJson: Added new MemberIsNullIs[type] helpers for safer JSON field-presence and null checks.
• PyTorch backend: Added complex I/O type support for PT2 models, fixed an invalid index in io_data, reduced unnecessary log noise with PT2 models, and streamlined library distribution for the 26.05 upstream container build.
• vLLM backend: Added GPU_DEVICE_IDS to pin multi-GPU models to specific GPUs; replaced pickle with json for inter-process payloads; updated the TokensPrompt import path for the latest vLLM.
• Security: Bumped vulnerable Python client dependencies.

• Avoid the specific APIs/flows (low-level OCB, BIO_f_linebuffer with short writes, CMS password-based decryption, low-level GF(2^m) with untrusted params) for many linux binaries, in order to avoid exposure to known issues in OpenSSL 1.1.1.
• vLLM's v0 API and Ray are affected by vulnerabilities. Users should consider their own architecture and mitigation steps which may include but should not be limited to:
  • Do not expose Ray executors and vLLM hosts to a network where any untrusted connections might reach the host.
  • Ensure that only the other vLLM hosts are able to connect to the TCP port used for the XPUB socket. Note that the port used is random.
• When using Valgrind or other leak detection tools on AGX-Thor or DGX-Spark systems, you might see memory leaks attributed to NvRmGpuLibOpen.
• Valgrind or other memory leak detection tools may occasionally report leaks related to DCGM. These reports are intermittent and often disappear on retry.
• CuPy has issues with the CUDA 13 Device API in multithreaded contexts. Avoid using tritonclient cuda_shared_memory APIs in multithreaded environments until fixed by CuPy.
• TensorRT calibration cache may require size adjustment in some cases, which was observed for the IGX platform.
• The core Python binding may incur an additional D2H and H2D copy if the backend and frontend both specify device memory to be used for response tensors.
• A segmentation fault related to DCGM and NSCQ may be encountered during server shutdown on NVSwitch systems. A possible workaround for this issue is to disable the collection of GPU metrics tritonserver --allow-gpu-metrics false ....
• When using TensorRT models, if auto-complete configuration is disabled and is_non_linear_format_io:true for reformat-free tensors is not provided in the model configuration, the model may not load successfully.
• When using Python models in decoupled mode, users need to ensure that the ResponseSender goes out of scope or is properly cleaned up before unloading the model to guarantee that the unloading process executes correctly.
• Triton Inference Server with vLLM backend currently does not support running vLLM models with tensor parallelism sizes greater than 1 and the default "distributed_executor_backend" setting when using explicit model control mode. In attempt to load a vllm model (tp > 1) in explicit mode, users could potentially see failure at initialize step: could not acquire lock for <_io.BufferedWriter name='<stdout>'> at interpreter shutdown, possibly due to daemon threads. For the default model control mode, after server shutdown, vllm related sub-processes are not killed. Related vllm issue: vllm-project/vllm#6766. Please specify "distributed_executor_backend":"ray" in the model.json when deploying vllm models with tensor parallelism > 1.
• When loading models with file override, multiple model configuration files are not supported. Users must provide the model configuration by setting parameter "config" : "<JSON>" instead of custom configuration file in the following format: "file:configs/<model-config-name>.pbtxt" : "<base64-encoded-file-content>".
• TensorRT-LLM backend provides limited support of Triton extensions and features.
• The TensorRT-LLM backend may core dump on server shutdown. This impacts server teardown only and will not impact inferencing.
• The Java CAPI is known to have intermittent segfaults.
• Some systems which implement malloc() may not release memory back to the operating system right away causing a false memory leak. This can be mitigated by using a different malloc implementation. Tcmalloc and jemalloc are installed in the Triton container and can be used by specifying the library in LD_PRELOAD. NVIDIA recommends experimenting with both tcmalloc and jemalloc to determine which one works better for your use case.
• Auto-complete may cause an increase in server start time. To avoid a start time increase, users can provide the full model configuration and launch the server with --disable-auto-complete-config.
• Auto-complete does not support PyTorch models due to lack of metadata in the model. It can only verify that the number of inputs and the input names matches what is specified in the model configuration. There is no model metadata about the number of outputs and datatypes. Related PyTorch bug: pytorch/pytorch#38273
• Triton Client PIP wheels for ARM SBSA are not available from PyPI and pip will install an incorrect Jetson version of Triton Client library for Arm SBSA. The correct client wheel file can be pulled directly from the Arm SBSA SDK image and manually installed.
• Traced models in PyTorch seem to create overflows when int8 tensor values are transformed to int32 on the GPU. Refer to pytorch/pytorch#66930 for more information.
• Triton cannot retrieve GPU metrics with MIG-enabled GPU devices.
• Triton metrics might not work if the host machine is running a separate DCGM agent on bare-metal or in a container.

The client libraries and examples are available in this release exclusively via the Ubuntu 24.04–based NGC Container. The SDK container includes the client libraries and examples, Performance Analyzer, and Model Analyzer. See Getting the Client Libraries for more information.

The Triton TensorRT-LLM container image and base layers are updated for this release. Please refer to the support matrix and compatibility.md in the TensorRT-LLM backend repository for all dependency versions.