AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-24206: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A succes

highvulnerability

security

Source: NVD/CVE DatabaseMay 20, 2026CVE-2026-24206

Summary

NVIDIA Triton Inference Server contains a vulnerability (CVE-2026-24206) that allows attackers to bypass authentication (a security check that verifies who you are), potentially leading to privilege escalation (gaining higher-level access), denial of service (making a system unavailable), or information disclosure (unauthorized access to data). The vulnerability is classified as CWE-288, which means it exploits an alternate path to bypass normal authentication checks.

Vulnerability Details

CVSS Score

7.3(high)

EPSS (30-day exploit probability)

EPSS: 0.1%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

none

Patch Available

Yes

Disclosure Date

May 20, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-288

Affected Vendors

NVIDIA

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Same vendorNVD/CVE Database

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-24206

First tracked: May 20, 2026 at 02:05 PM

Classified by LLM (prompt v3) · confidence: 92%