NVIDIA has released a software update for the NVIDIA Triton Inference Server to address a wave of newly disclosed security vulnerabilities. To protect your system, it is highly recommended to clone or update this software to Triton Server r26.03 or later directly from the NVIDIA Triton Inference Server GitHub repository.
The most severe vulnerability patched in this release is tracked as CVE-2026-24207, which carries a critical CVSS base score of 9.8. This flaw exists within the NVIDIA Triton Inference Server and allows an attacker to cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
The security bulletin also highlights several flaws specifically affecting the server’s DALI backend:
- CVE-2026-24213 (CVSS 8.0): An attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.
- CVE-2026-24214 (CVSS 7.5): This vulnerability allows an attacker to cause an integer overflow. Exploiting this might lead to code execution, data tampering, or denial of service.
- CVE-2026-24215 (CVSS 5.7): An attacker could cause uncontrolled resource consumption. A successful exploit of this vulnerability might lead to denial of service.
Beyond the DALI backend and the critical 9.8 bug, the update mitigates several other risks within the Triton Inference Server:
- CVE-2026-24209 (CVSS 7.5): An attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
- CVE-2026-24210 (CVSS 7.5): This vulnerability allows an attacker to cause an integer overflow. A successful exploit might lead to denial of service.
- CVE-2026-24206 (CVSS 7.3): An attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.
- CVE-2026-24208 (CVSS 5.3): An attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.
These security issues affect all versions of the Triton Inference Server and the DALI Backend prior to r26.03 running on Linux platforms. To fully mitigate these threats, administrators must ensure their deployments are updated to r26.03 or later.