NVIDIA Triton Inference Server: Critical Authentication Bypass (CVE-2026-24207)

May 20, 2026 07:16 /CRITICAL /CVSS 9.8/10

Written by SCW Vulnerability Desk Vulnerability Intelligence

SCW vulnerabilitycvecriticalhigh-severitycode-executioncwe-288

The National Vulnerability Database (NVD) has disclosed CVE-2026-24207, a critical authentication bypass vulnerability in NVIDIA Triton Inference Server. This flaw, rated with a CVSS score of 9.8, carries severe implications, including potential code execution, privilege escalation, data tampering, denial of service, and information disclosure. The root cause is categorized under CWE-288, indicating an authentication bypass vulnerability.

This isn’t just a theoretical flaw; an attacker exploiting this vulnerability could gain unauthorized control over the inference server. Given Triton’s role in AI/ML deployments, a compromise here could lead to manipulation of AI models, exfiltration of sensitive data processed by these models, or even using the server as a pivot point into the broader network. The critical CVSS score underscores the ease of exploitation, requiring no user interaction or prior authentication.

Defenders must prioritize patching NVIDIA Triton Inference Server instances immediately. Organizations running AI/ML workloads with Triton are directly exposed. Beyond patching, review network segmentation around inference servers and implement robust monitoring for unusual access patterns or process activity. Assume compromise if you’re running unpatched versions and initiate incident response procedures.

What This Means For You

If your organization deploys NVIDIA Triton Inference Server, you are at critical risk. Immediately identify all instances, verify their versions, and apply the latest security patches to mitigate CVE-2026-24207. Audit access logs for any anomalous activity preceding the patch deployment.

title: CVE-2026-24207 - NVIDIA Triton Inference Server Authentication Bypass id: scw-2026-05-20-ai-1 status: experimental level: critical description: | Detects potential exploitation of CVE-2026-24207 by looking for requests to the Triton Inference Server's model endpoint ('/v2/models') using the POST method, which are often used for inference. The inclusion of a specific query parameter like 'model_name=' is a hypothetical indicator of an attempt to bypass authentication. Successful exploitation could lead to unauthorized access and further malicious activities. author: SCW Feed Engine (AI-generated) date: 2026-05-20 references: - https://shimiscyberworld.com/posts/nvd-CVE-2026-24207/ tags: - attack.initial_access - attack.t1190 logsource: category: webserver detection: selection: cs-uri|contains: - '/v2/models' cs-method: - 'POST' sc-status: - '200' selection_auth_bypass: cs-uri-query|contains: - 'model_name=' # This is a hypothetical indicator for the bypass, actual exploit might differ condition: selection AND selection_auth_bypass falsepositives: - Legitimate administrative activity

ID	Type	Indicator
CVE-2026-24207	Auth Bypass	NVIDIA Triton Inference Server
CVE-2026-24207	RCE	NVIDIA Triton Inference Server
CVE-2026-24207	Privilege Escalation	NVIDIA Triton Inference Server
CVE-2026-24207	Information Disclosure	NVIDIA Triton Inference Server
CVE-2026-24207	DoS	NVIDIA Triton Inference Server

Type

Indicator

CVE-2026-24207

Auth Bypass