EXECUTIVE SUMMARY:
A group of vulnerabilities has been uncovered in the NVIDIA Triton Inference Server running on Linux platforms. The vulnerabilities are categorized as remote code execution (RCE), authentication bypass, and denial of service (DoS). These issues pose significant business risks, including escalation of privileges, data tampering, information disclosure, and denial of service. The exploitation of these vulnerabilities could lead to significant business disruptions, financial losses, and reputational damage. CVE-2026-24207 with a CVSS score of 9.8 – This flaw allows an attacker to cause an authentication bypass, potentially leading to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. The vulnerability exists within the NVIDIA Triton Inference Server and can be exploited by a remote, unauthenticated attacker. CVE-2026-24213 with a CVSS score of 8.0 – An attacker could cause an out-of-bounds read, potentially leading to code execution, data tampering, denial of service, or information disclosure. This vulnerability affects the server's DALI backend. CVE-2026-24214 with a CVSS score of 7.5 – This vulnerability allows an attacker to cause an integer overflow, potentially leading to code execution, data tampering, or denial of service. The vulnerability affects the server's DALI backend. CVE-2026-24215 with a CVSS score of 5.7 – An attacker could cause uncontrolled resource consumption, potentially leading to denial of service. The vulnerability affects the server's DALI backend. CVE-2026-24209 with a CVSS score of 7.5 – An attacker could cause a path traversal issue, potentially leading to denial of service. The vulnerability affects the Triton Inference Server. CVE-2026-24210 with a CVSS score of 7.5 – This vulnerability allows an attacker to cause an integer overflow, potentially leading to denial of service. The vulnerability affects the Triton Inference Server. CVE-2026-24206 with a CVSS score of 7.3 – An attacker could cause an authentication bypass, potentially leading to escalation of privileges, denial of service, or information disclosure. The vulnerability affects the Triton Inference Server. CVE-2026-24208 with a CVSS score of 5.3 – An attacker could cause a path traversal issue, potentially leading to denial of service. The vulnerability affects the Triton Inference Server.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
A group of vulnerabilities has been uncovered in the NVIDIA Triton Inference Server running on Linux platforms. The vulnerabilities are categorized as remote code execution (RCE), authentication bypass, and denial of service (DoS). These issues pose significant business risks, including escalation of privileges, data tampering, information disclosure, and denial of service. The exploitation of these vulnerabilities could lead to significant business disruptions, financial losses, and reputational damage. CVE-2026-24207 with a CVSS score of 9.8 – This flaw allows an attacker to cause an authentication bypass, potentially leading to code execution, escalation of privileges, data tampering, denial of service, or information disclosure. The vulnerability exists within the NVIDIA Triton Inference Server and can be exploited by a remote, unauthenticated attacker. CVE-2026-24213 with a CVSS score of 8.0 – An attacker could cause an out-of-bounds read, potentially leading to code execution, data tampering, denial of service, or information disclosure. This vulnerability affects the server's DALI backend. CVE-2026-24214 with a CVSS score of 7.5 – This vulnerability allows an attacker to cause an integer overflow, potentially leading to code execution, data tampering, or denial of service. The vulnerability affects the server's DALI backend. CVE-2026-24215 with a CVSS score of 5.7 – An attacker could cause uncontrolled resource consumption, potentially leading to denial of service. The vulnerability affects the server's DALI backend. CVE-2026-24209 with a CVSS score of 7.5 – An attacker could cause a path traversal issue, potentially leading to denial of service. The vulnerability affects the Triton Inference Server. CVE-2026-24210 with a CVSS score of 7.5 – This vulnerability allows an attacker to cause an integer overflow, potentially leading to denial of service. The vulnerability affects the Triton Inference Server. CVE-2026-24206 with a CVSS score of 7.3 – An attacker could cause an authentication bypass, potentially leading to escalation of privileges, denial of service, or information disclosure. The vulnerability affects the Triton Inference Server. CVE-2026-24208 with a CVSS score of 5.3 – An attacker could cause a path traversal issue, potentially leading to denial of service. The vulnerability affects the Triton Inference Server.[emaillocker id="1283"]
RECOMMENDATION:
We strongly recommend you update NVIDIA Triton Inference Server to below version: https://github.com/triton-inference-server/server/releases
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/nvidia-triton-inference-server-vulnerability-cve-2026-24207-authentication-bypass/