CVE-2026-24207

Vulnerability

Overview NVIDIA Triton Inference Server contains a critical authentication bypass vulnerability. The root cause lies in improper handling of authentication mechanisms within the server's components, allowing an attacker to circumvent security checks without valid credentials.

Attack

Vector and Exploitation Prerequisites The vulnerability can be exploited remotely over the network without any authentication requirements. An attacker does not need to possess prior user credentials or have physical access to the system. The attack surface is exposed via the server's network-facing APIs or interfaces that rely on the flawed authentication logic [1].

Impact

Successful exploitation grants an attacker unauthorized access to the inference server. Depending on the attacker's goals, this could lead to complete compromise of the server, including remote code execution, escalation of privileges to administrative levels, manipulation of inference data, denial of service, or exposure of sensitive information [1].

Mitigation

Status As of the publication date (20 May 2026), the vendor has not yet released a security update or workaround. Users are advised to monitor NVIDIA's security advisories and apply patches as soon as they become available, or restrict network access to the Triton server until a fix is deployed [1].