Lucene search
K

NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass

🗓️ 14 Jul 2026 07:07:24Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 2 Views

NVIDIA Triton Inference Server before 26.02 has authentication bypass enabling code execution, privilege escalation, tampering, denial of service, or data disclosure.

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Authentication Bypass Using an Alternate Path or Channel in Nvidia Triton_Inference_Server
26 Jun 202606:30
githubexploit
GithubExploit
Exploit for Authentication Bypass Using an Alternate Path or Channel in Nvidia Triton_Inference_Server
26 Jun 202606:30
githubexploit
ATTACKERKB
CVE-2026-24207
20 May 202602:42
attackerkb
Circl
CVE-2026-24207
20 May 202604:30
circl
CNNVD
NVIDIA Triton Inference Server 安全漏洞
20 May 202600:00
cnnvd
CVE
CVE-2026-24207
20 May 202602:42
cve
Cvelist
CVE-2026-24207
20 May 202602:42
cvelist
EUVD
EUVD-2026-31047
20 May 202602:42
euvd
NVD
CVE-2026-24207
20 May 202604:16
nvd
Nvidia
Security Bulletin: NVIDIA Triton Inference Server - May 2026
19 May 202600:00
nvidia
Rows per page
id: CVE-2026-24207

info:
  name: NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass
  author: VixianSchool
  severity: critical
  description: |
    NVIDIA Triton Inference Server contains an authentication bypass vulnerability, letting attackers bypass authentication and potentially execute code, escalate privileges, tamper data, cause denial of service, or disclose information, exploit requires no special conditions.
  impact: |
    Attackers can bypass authentication to execute code, escalate privileges, tamper data, cause denial of service, or disclose sensitive information.
  remediation: |
    Update to the latest version of NVIDIA Triton Inference Server.
  reference:
    - https://github.com/offseckit/CVE-2026-24207
    - https://offseckit.com/blog/cve-2026-24207
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2026-24207
    epss-score: 0.00828
    epss-percentile: 0.53211
    cwe-id: CWE-288
  metadata:
    verified: true
    max-request: 2
    vendor: nvidia
    product: triton-inference-server
    shodan-query: 'http.title:"Triton" port:8080'
  tags: cve,cve2026,nvidia,triton,auth-bypass,rce,ml,ai

http:
  - method: GET
    path:
      - "{{BaseURL}}/models"

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains(body, '\"models\":[')"
          - "!contains(body, 'This API is restricted')"
          - "!contains(body, 'restricted')"
        condition: and
# digest: 4b0a00483046022100a329a93e19114168ce234a3b7eba4a66095fe388de61d205d9a4ef875f33d186022100c6cb66702c020d2ec1b6f94bf34d60df25b075fe343395e5d315ce5d7a0a802f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation