| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| Exploit for Authentication Bypass Using an Alternate Path or Channel in Nvidia Triton_Inference_Server | 26 Jun 202606:30 | – | githubexploit | |
| Exploit for Authentication Bypass Using an Alternate Path or Channel in Nvidia Triton_Inference_Server | 26 Jun 202606:30 | – | githubexploit | |
| CVE-2026-24207 | 20 May 202602:42 | – | attackerkb | |
| CVE-2026-24207 | 20 May 202604:30 | – | circl | |
| NVIDIA Triton Inference Server 安全漏洞 | 20 May 202600:00 | – | cnnvd | |
| CVE-2026-24207 | 20 May 202602:42 | – | cve | |
| CVE-2026-24207 | 20 May 202602:42 | – | cvelist | |
| EUVD-2026-31047 | 20 May 202602:42 | – | euvd | |
| CVE-2026-24207 | 20 May 202604:16 | – | nvd | |
| Security Bulletin: NVIDIA Triton Inference Server - May 2026 | 19 May 202600:00 | – | nvidia |
| Source | Link |
|---|---|
| github | www.github.com/offseckit/CVE-2026-24207 |
| offseckit | www.offseckit.com/blog/cve-2026-24207 |
id: CVE-2026-24207
info:
name: NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass
author: VixianSchool
severity: critical
description: |
NVIDIA Triton Inference Server contains an authentication bypass vulnerability, letting attackers bypass authentication and potentially execute code, escalate privileges, tamper data, cause denial of service, or disclose information, exploit requires no special conditions.
impact: |
Attackers can bypass authentication to execute code, escalate privileges, tamper data, cause denial of service, or disclose sensitive information.
remediation: |
Update to the latest version of NVIDIA Triton Inference Server.
reference:
- https://github.com/offseckit/CVE-2026-24207
- https://offseckit.com/blog/cve-2026-24207
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2026-24207
epss-score: 0.00828
epss-percentile: 0.53211
cwe-id: CWE-288
metadata:
verified: true
max-request: 2
vendor: nvidia
product: triton-inference-server
shodan-query: 'http.title:"Triton" port:8080'
tags: cve,cve2026,nvidia,triton,auth-bypass,rce,ml,ai
http:
- method: GET
path:
- "{{BaseURL}}/models"
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "contains(body, '\"models\":[')"
- "!contains(body, 'This API is restricted')"
- "!contains(body, 'restricted')"
condition: and
# digest: 4b0a00483046022100a329a93e19114168ce234a3b7eba4a66095fe388de61d205d9a4ef875f33d186022100c6cb66702c020d2ec1b6f94bf34d60df25b075fe343395e5d315ce5d7a0a802f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation