Thousands Affected by NVIDIA 9.8 Auth Bypass

TL;DR

NVIDIA patched several severe vulnerabilities across its AI platforms. The most critical flaw is a 9.8 CVSS authentication bypass in AIStore. Administrators must apply these NVIDIA security updates immediately to protect their networks.

Why It Matters

Thousands of developers and enterprises rely on these NVIDIA tools. Consequently, these flaws present major risks to AI infrastructure worldwide. An attacker could exploit these systems to gain unauthorized access. Furthermore, they could execute malicious code or disrupt daily operations.

How the Attack Works

AIStore serves as a high-performance storage framework for machine learning. The most severe flaw exists within this specific framework. It allows an attacker to bypass authentication mechanisms entirely. Security researchers track this flaw as CVE-2026-24270.

Meanwhile, the Triton Inference Server streamlines AI model deployment. This server software contains several denial-of-service vulnerabilities. An attacker can trigger these issues using highly compressed data. Alternatively, they can use integer overflows to cause system crashes. NVIDIA tracks these issues as CVE-2026-24264 and CVE-2026-24266.

Finally, the NVIDIA Container Toolkit suffers from a race condition. The vendor tracks this specific vulnerability as CVE-2026-24260. An attacker could exploit this time-of-check time-of-use issue to escalate privileges. Currently, security teams have not confirmed any active exploitation in the wild.

Affected Versions

The AIStore authentication bypass impacts versions 0 through 4.4. The Triton Inference Server vulnerabilities affect Linux versions 0.0 through 26.03. The Container Toolkit flaw affects all versions up to 1.19.0. Additionally, the GPU Operator is vulnerable up to version 26.3.1.

Patch or Mitigation Steps

Users must upgrade their systems immediately to prevent attacks. To fix AIStore, administrators should download the AIStore v4.5 release. Additionally, users must update their installations from the Triton Inference Server GitHub repo to version 26.04. Finally, protect container environments by following the Container Toolkit install guide to deploy version 1.19.1.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.