CVE-2026-24207
Analyzed Analyzed - Analysis Complete

Authentication Bypass in NVIDIA Triton Inference Server

Publication date: 2026-05-20

Last updated on: 2026-05-20

Assigner: NVIDIA Corporation

Description
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-20
Last Modified
2026-05-20
Generated
2026-06-29
AI Q&A
2026-05-20
EPSS Evaluated
2026-06-28
NVD
CVE-2026-24207
EUVD
EUVD-2026-31047

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nvidia triton_inference_server to 26.03 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-24207 is a vulnerability in the NVIDIA Triton Inference Server that allows an attacker to bypass authentication.

This means an attacker can gain unauthorized access without proper credentials.

The vulnerability is classified as an authentication bypass using an alternate path or channel (CWE-288).

Compliance Impact

The vulnerability in NVIDIA Triton Inference Server allows an attacker to bypass authentication, potentially leading to code execution, privilege escalation, data tampering, denial of service, or information disclosure.

Such impacts could negatively affect compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and secure access controls.

However, the provided information does not explicitly describe the direct effects on compliance with these standards.

Impact Analysis

Exploiting this vulnerability could lead to several severe impacts including:

  • Code execution by the attacker
  • Escalation of privileges
  • Data tampering
  • Denial of service
  • Information disclosure

The vulnerability has a critical CVSS v3.1 base score of 9.8, indicating high severity and ease of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24207. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart