AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-24207: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A succes

criticalvulnerability

security

Source: NVD/CVE DatabaseMay 20, 2026CVE-2026-24207

Summary

NVIDIA Triton Inference Server has a vulnerability (CVE-2026-24207) where an attacker could bypass authentication (skip security checks that normally verify who someone is), potentially allowing them to run code, gain higher privileges, change data, crash the service, or steal information. The vulnerability is classified as an authentication bypass using an alternate path or channel (CWE-288, a type of weakness where attackers find different ways to access a system without proper verification).

Vulnerability Details

CVSS Score

9.8(critical)

EPSS (30-day exploit probability)

EPSS: 0.1%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

network

Attack Complexity

low

Privileges Required

none

User Interaction

none

Patch Available

Yes

Disclosure Date

May 20, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-288

Affected Vendors

NVIDIA

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Same vendorNVD/CVE Database

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attack

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-24207

First tracked: May 20, 2026 at 02:05 PM

Classified by LLM (prompt v3) · confidence: 92%