Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.
AnalysisAI
Authentication bypass in NVIDIA Triton Inference Server allows remote unauthenticated attackers to circumvent access controls, potentially leading to privilege escalation, denial of service, or information disclosure. With a CVSS 7.3 score and network-reachable attack vector (AV:N/AC:L/PR:N/UI:N), the flaw is exploitable without user interaction or credentials, though no public exploit identified at time of analysis. The vulnerability is not currently listed in CISA KEV, and EPSS data was not provided in the source intelligence.
Technical ContextAI
NVIDIA Triton Inference Server is an open-source serving framework used to deploy AI/ML models at scale across GPU and CPU infrastructure, supporting frameworks such as TensorFlow, PyTorch, ONNX, and TensorRT. It exposes HTTP/REST and gRPC endpoints for inference, model management, and metrics, frequently deployed in MLOps pipelines and production AI serving stacks. The root cause is CWE-288 (Authentication Bypass Using an Alternate Path or Channel), meaning an attacker can reach protected functionality through a route that fails to enforce the intended authentication check, bypassing the access control layer entirely rather than defeating credentials.
RemediationAI
Consult the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5828 to identify the fixed Triton Inference Server release and upgrade to that version - exact fixed version is not stated in the provided intelligence, so do not assume a specific tag. As compensating controls until patched, place Triton behind an authenticating reverse proxy (e.g., an ingress enforcing mTLS or OAuth) so the bypassable path is unreachable directly, restrict the HTTP (default 8000), gRPC (8001), and metrics (8002) ports to allow-listed client subnets via host or cloud firewall, and disable the model-control and repository management endpoints by running with --model-control-mode=none if the deployment does not require dynamic model loading (trade-off: prevents hot-loading new models without a restart). For multi-tenant or shared environments, isolate each Triton instance per tenant rather than relying on application-layer auth.
The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct
NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de
The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31049
GHSA-8pxv-chrc-9c6j