Authentication Bypass in NVIDIA Triton Inference Server
CVE-2026-24207

9.8CRITICAL

Key Information:

Vendor

Nvidia

Vendor
CVE Published:
20 May 2026

What is CVE-2026-24207?

CVE-2026-24207 is a significant vulnerability found in the NVIDIA Triton Inference Server, which is designed to facilitate the deployment and management of AI models in production environments. This server plays a crucial role in accelerating model inference, enabling organizations to harness AI capabilities effectively. The vulnerability allows for authentication bypass, which means that unauthorized users could potentially gain access to the server without proper credentials. This exploit may lead to severe negative outcomes for an organization, including the ability to execute arbitrary code, escalate privileges, tamper with data, cause service disruptions, or disclose sensitive information. Given the critical role of the Triton Inference Server in AI operations, such a vulnerability poses a serious risk to the integrity and security of deployed AI solutions.

Potential impact of CVE-2026-24207

  1. Code Execution Risks: The vulnerability enables attackers to execute arbitrary code on the server, which can compromise the server's functionality and introduce malicious activities that disrupt normal operations.

  2. Privilege Escalation: Once an attacker bypasses authentication, they could elevate their access rights, granting them control over sensitive server functions and data, potentially leading to unauthorized administrative control.

  3. Data Tampering and Disclosure: The exploit allows for potential data manipulation, which can undermine the integrity of AI models and their outputs. Furthermore, there is a risk of sensitive data being exposed to unauthorized parties, causing compliance and reputational issues for the organization.

Affected Version(s)

Triton Inference Server Linux All versions prior to r26.03

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.