
NVIDIA Triton Server Flaw Enables Authentication Bypass Attacks - cyberpress.org

cyberpress.org Archived Jun 24, 2026 ✓ Full text saved



By Lucas Martin, May 20, 2026
Categories: Cyber Security News, Vulnerability

NVIDIA has issued an emergency security bulletin patching eight vulnerabilities in its widely deployed Triton Inference Server, including a critical 9.8 CVSS authentication bypass that allows unauthenticated remote attackers to execute code. The update, released May 18, 2026, follows a growing pattern of high-severity flaws targeting the platform over the past two years. Security researchers have previously uncovered exploitable vulnerability chains in the platform that enabled unauthenticated remote code execution.

Multiple NVIDIA Triton Server Vulnerabilities

The most severe flaw, CVE-2026-24207 (CVSS 9.8, CWE-288), requires no authentication, no user interaction, and is network-exploitable with low complexity, effectively a zero-barrier intrusion point. Successful exploitation could lead to code execution, privilege escalation, data tampering, denial-of-service, and information disclosure in a single attack chain.

A second authentication bypass, CVE-2026-24206 (CVSS 7.3), shares the same CWE-288 classification and remote attack vector, primarily enabling privilege escalation and information disclosure. Researcher Hyeonjun Ahn reported both flaws.
Three additional vulnerabilities affect Triton’s DALI (Data Augmentation Library for Inference) backend, a component that handles data pre-processing pipelines for inference workloads:

- CVE-2026-24213 (CVSS 8.0, CWE-125): Out-of-bounds read enabling code execution, denial-of-service, data tampering, and information disclosure
- CVE-2026-24214 (CVSS 8.0, CWE-190): Integer overflow with code execution and data tampering potential
- CVE-2026-24215 (CVSS 5.7, CWE-400): Uncontrolled resource consumption leading to denial of service

Researcher Navtej Kathuria responsibly disclosed all three DALI backend vulnerabilities. These flaws are consistent with prior patterns; the researcher previously identified out-of-bounds write and shared memory abuse chains in Triton’s Python backend (CVE-2025-23319 through CVE-2025-23334) that similarly enabled full server takeover.

Rounding out the bulletin are four additional network-exploitable flaws. CVE-2026-24209 (CVSS 7.5) and CVE-2026-24208 (CVSS 5.3) are path-traversal issues (CWE-22) exploitable by unauthenticated attackers to cause denial-of-service. Both affect core Triton server components and were reported by Sarvesh Patil and Mauritaniacoder, respectively. CVE-2026-24210 (CVSS 7.5, CWE-190), an integer overflow reported by deayzl, can similarly be triggered without credentials to crash the server, a tactic consistent with previously documented integer overflow DoS patterns in Triton.
CVE ID          CVSS  Severity  Type                           Impact
--------------  ----  --------  -----------------------------  --------------------------------------------------
CVE-2026-24207  9.8   Critical  Auth Bypass (CWE-288)          RCE, privesc, DoS, data tampering, info disclosure
CVE-2026-24213  8.0   High      OOB Read (CWE-125)             RCE, data tampering, DoS, info disclosure
CVE-2026-24214  8.0   High      Integer Overflow (CWE-190)     RCE, data tampering, DoS
CVE-2026-24209  7.5   High      Path Traversal (CWE-22)        DoS
CVE-2026-24210  7.5   High      Integer Overflow (CWE-190)     DoS
CVE-2026-24206  7.3   High      Auth Bypass (CWE-288)          Privesc, DoS, info disclosure
CVE-2026-24215  5.7   Medium    Resource Exhaustion (CWE-400)  DoS
CVE-2026-24208  5.3   Medium    Path Traversal (CWE-22)        DoS

Patch and Mitigations

NVIDIA has addressed all eight CVEs in Triton Inference Server r26.03 for Linux. Organizations should update immediately via the official GitHub repository.

Security teams should also apply these additional hardening measures drawn from prior Triton incident guidance:

- Restrict network exposure: Limit Triton HTTP/gRPC inference ports to trusted networks using firewall ACLs
- Deploy an API gateway: Place Triton behind a reverse proxy to validate and sanitize incoming inference requests
- Enforce authentication: Implement mTLS or API-key controls on all inference and management endpoints
- Enable monitoring: Alert on shared memory errors, malformed requests, and high-volume anomalous traffic

No active exploitation has been observed in the wild at the time of publication. Given that PoC code for prior Triton vulnerabilities was publicly released shortly after disclosure, security teams should treat patching for CVE-2026-24207 as a critical-priority action.
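
The gateway and mTLS measures listed above, sketched as an nginx front end for Triton. This is an added example, not configuration from the NVIDIA bulletin or the original article. The hostname, certificate paths, size and rate limits are placeholder assumptions, and it assumes Triton is reachable only on loopback at its default HTTP (8000) and gRPC (8001) ports.

```nginx
# Added example: placed inside the http {} context of nginx.conf.
# Hostname, file paths and limits below are placeholders (assumptions).

# Per-client request budget to blunt high-volume anomalous traffic.
limit_req_zone $binary_remote_addr zone=triton_infer:10m rate=50r/s;

server {
    listen 8443 ssl;
    http2 on;                       # nginx 1.25.1+; older builds: "listen 8443 ssl http2;"
    server_name triton.internal.example;

    ssl_certificate        /etc/nginx/tls/server.crt;
    ssl_certificate_key    /etc/nginx/tls/server.key;
    ssl_protocols          TLSv1.2 TLSv1.3;

    # mTLS: only clients holding a certificate issued by this CA get through.
    ssl_client_certificate /etc/nginx/tls/clients-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    client_max_body_size   16m;     # cap request size before it reaches Triton
    limit_req zone=triton_infer burst=100 nodelay;

    # Management surface (model repository control, shared-memory registration,
    # log and trace settings) is refused at the proxy, for REST and for gRPC.
    location ~ ^/v2/(repository|systemsharedmemory|cudasharedmemory|logging|trace) {
        return 403;
    }
    location ~ ^/inference\.GRPCInferenceService/(Repository|SystemSharedMemory|CudaSharedMemory|LogSettings|TraceSetting) {
        return 403;
    }

    # REST inference, health and metadata endpoints.
    location /v2/ {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Client-DN $ssl_client_s_dn;   # record who called
    }

    # gRPC inference service.
    location /inference.GRPCInferenceService/ {
        grpc_pass grpc://127.0.0.1:8001;
    }

    # Anything else is not part of the published surface.
    location / { return 404; }
}
```

The proxy only helps if the Triton ports themselves are not reachable from the network, so it complements the firewall ACLs rather than replacing them, and it does not replace the update to r26.03.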