NVIDIA Triton Inference Server: Critical Auth Bypass Puts AI Workloads at Risk

/HIGH /CVSS 7.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severityauthentication-bypasscwe-288
NVIDIA Triton Inference Server: Critical Auth Bypass Puts AI Workloads at Risk

The National Vulnerability Database has disclosed CVE-2026-24206, an authentication bypass vulnerability in NVIDIA Triton Inference Server. This flaw carries a CVSSv3.1 score of 7.3 (High) and is categorized under CWE-288, indicating an authentication bypass using an alternate path or channel.

Successful exploitation of this vulnerability could lead to significant security compromises, including escalation of privileges, denial of service, and information disclosure. While specific affected product versions were not detailed by the National Vulnerability Database, the broad impact categories suggest a fundamental flaw that could undermine the integrity and confidentiality of AI/ML inference workloads.

For defenders, this means a critical review of NVIDIA Triton Inference Server deployments is necessary. An authentication bypass at this level can grant attackers unfettered access, effectively neutralizing perimeter defenses and allowing direct manipulation or exfiltration of sensitive models and data. The attacker’s calculus here is straightforward: bypass the gate, own the inference engine, and by extension, the data it processes.

What This Means For You

  • If your organization utilizes NVIDIA Triton Inference Server, you must prioritize identifying all instances within your environment. Verify your current version and be prepared to apply patches immediately once they are released. Proactive monitoring for unusual access patterns or activity on these servers is also crucial to detect potential pre-patch exploitation attempts. This isn't theoretical – an auth bypass is a direct path to compromise.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1548.002 Setuid and Setgid Privilege Escalation T1068 Exploitation for Privilege Escalation Privilege Escalation

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

NVIDIA Triton Inference Server Auth Bypass Attempt - Free Tier

Sigma YAML — free preview 
title: NVIDIA Triton Inference Server Auth Bypass Attempt - Free Tier
id: scw-2026-05-20-ai-1
status: experimental
level: critical
description: |
  This rule detects attempts to access the Triton Inference Server's model inference endpoint ('/v2/models' with 'infer' in query) that result in an authentication error (401 or 403). This is a primary indicator of an attempt to exploit CVE-2026-24206, which allows for authentication bypass. The vulnerability could lead to unauthorized access and further compromise of AI workloads.
author: SCW Feed Engine (AI-generated)
date: 2026-05-20
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-24206/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/v2/models'
      cs-uri-query|contains:
          - 'infer'
      sc-status:
          - 401
          - 403
      condition: cs-uri AND cs-uri-query AND sc-status
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-24206 Auth Bypass NVIDIA Triton Inference Server
CVE-2026-24206 Privilege Escalation NVIDIA Triton Inference Server
CVE-2026-24206 DoS NVIDIA Triton Inference Server
CVE-2026-24206 Information Disclosure NVIDIA Triton Inference Server

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 20, 2026 at 07:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-20240 — Denial of Service

CVE-2026-20240 — In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.11, and 9.3.12, and Splunk Cloud Platform versions below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, and 9.3.2411.129,...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-20
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 2 Sigma

Splunk Enterprise, Cloud Vulnerability Exposes Session Cookies, Sensitive Data

CVE-2026-20239 — In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11, 10.1.2507.21, and 10.0.2503.13, a user with a...

vulnerabilityCVEhigh-severitycwe-532
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 5 IOCs /⚙ 4 Sigma

CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged

CVE-2026-20238 — In Splunk AI Toolkit versions below 5.7.3, a low-privileged user that does not hold the 'admin' or 'power' roles could access confidential data...

vulnerabilityCVEmedium-severitycwe-863
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 2 Sigma