AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-0095: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and ex

criticalvulnerability

security

Source: NVD/CVE DatabaseJune 13, 2024CVE-2024-0095

Summary

CVE-2024-0095 is a vulnerability in NVIDIA Triton Inference Server (software that runs AI models) for Linux and Windows that allows users to inject fake log entries and commands, potentially leading to code execution (running unauthorized programs), denial of service (making the system unavailable), privilege escalation (gaining higher access rights), information disclosure (exposing sensitive data), and data tampering (modifying information). The vulnerability stems from improper neutralization of log output, meaning the system doesn't properly sanitize or clean user input before adding it to logs.

Vulnerability Details

CVSS Score

9(critical)

EPSS (30-day exploit probability)

EPSS: 0.5%

Classification

Attack Type

DoSPII Leakage

Attack SophisticationModerate

Impact (CIA+S)

integrity

Taxonomy References

CWE (Weakness Type)

CWE-117

Affected Vendors

NVIDIA

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:45 PM

Classified by LLM (prompt v3) · confidence: 95%