Skip to main content

NVIDIA Triton Inference Server CVE-2026-24206

| EUVDEUVD-2026-31049 HIGH
Authentication Bypass Using an Alternate Path or Channel (CWE-288)
2026-05-20 nvidia GHSA-8pxv-chrc-9c6j
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
Analysis Generated
May 20, 2026 - 04:01 vuln.today

DescriptionCVE.org

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.

AnalysisAI

Authentication bypass in NVIDIA Triton Inference Server allows remote unauthenticated attackers to circumvent access controls, potentially leading to privilege escalation, denial of service, or information disclosure. With a CVSS 7.3 score and network-reachable attack vector (AV:N/AC:L/PR:N/UI:N), the flaw is exploitable without user interaction or credentials, though no public exploit identified at time of analysis. The vulnerability is not currently listed in CISA KEV, and EPSS data was not provided in the source intelligence.

Technical ContextAI

NVIDIA Triton Inference Server is an open-source serving framework used to deploy AI/ML models at scale across GPU and CPU infrastructure, supporting frameworks such as TensorFlow, PyTorch, ONNX, and TensorRT. It exposes HTTP/REST and gRPC endpoints for inference, model management, and metrics, frequently deployed in MLOps pipelines and production AI serving stacks. The root cause is CWE-288 (Authentication Bypass Using an Alternate Path or Channel), meaning an attacker can reach protected functionality through a route that fails to enforce the intended authentication check, bypassing the access control layer entirely rather than defeating credentials.

RemediationAI

Consult the NVIDIA security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5828 to identify the fixed Triton Inference Server release and upgrade to that version - exact fixed version is not stated in the provided intelligence, so do not assume a specific tag. As compensating controls until patched, place Triton behind an authenticating reverse proxy (e.g., an ingress enforcing mTLS or OAuth) so the bypassable path is unreachable directly, restrict the HTTP (default 8000), gRPC (8001), and metrics (8002) ports to allow-listed client subnets via host or cloud firewall, and disable the model-control and repository management endpoints by running with --model-control-mode=none if the deployment does not require dynamic model loading (trade-off: prevents hot-loading new models without a restart). For multi-tenant or shared environments, isolate each Triton instance per tenant rather than relying on application-layer auth.

More in Nvidia

View all
CVE-2016-1741 CRITICAL POC
9.8 Mar 24

The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary c

CVE-2013-0109 HIGH POC
7.2 Apr 08

The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not

CVE-2019-5684 CRITICAL POC
10.0 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2026-24207 CRITICAL POC
9.8 May 20

Authentication bypass in NVIDIA Triton Inference Server allows unauthenticated remote attackers to reach protected funct

CVE-2019-5685 CRITICAL POC
9.8 Aug 06

NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in DirectX drivers, in which a specially craft

CVE-2025-23359 HIGH POC
8.3 Feb 12

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default co

CVE-2016-8812 HIGH POC
8.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before G

CVE-2016-1861 HIGH POC
7.8 Jun 19

The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privi

CVE-2024-0132 HIGH POC
8.3 Sep 26

NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with de

CVE-2016-1846 HIGH POC
7.8 May 20

The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows a

CVE-2015-7865 HIGH POC
7.7 Nov 24

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before

CVE-2016-8811 HIGH POC
7.8 Nov 08

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 3

Share

CVE-2026-24206 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy