—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in NVIDIA Triton Inference Server

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: CRITICAL

Software Affected

NVIDIA Triton Inference Server versions prior to r26.03 for Linux and DALI Backend

Overview

Multiple vulnerabilities have been reported in NVIDIA Triton Inference Server that could allow an attacker to execute arbitrary code, escalate privileges, bypass authentication mechanisms, cause denial of service, disclose sensitive information, or tamper with data on the targeted system.

Target Audience:

All organizations and individuals using NVIDIA Triton Inference Server.

Risk Assessment:

Critical risk of authentication bypass, privilege escalation, unauthorized access, sensitive information disclosure, data tampering, and denial of service.

Impact Assessment:

Potential for unauthorized elevated access and modification, arbitrary code execution, sensitive data exposure, and system disruption.

Description

NVIDIA Triton Inference Server is an open-source, cloud-ready AI inference platform that simplifies the deployment, execution, and scaling of models trained across multiple frameworks, including PyTorch, TensorFlow, ONNX, and TensorRT, on both CPU and GPU infrastructure.

Multiple vulnerabilities exist in NVIDIA Triton Inference Server due to improper authentication handling, insufficient path validation, integer overflow conditions, out-of-bounds read issues, and uncontrolled resource consumption vulnerabilities within core components and the DALI backend.

Successful exploitation of these vulnerabilities could allow an attacker to perform arbitrary code execution, escalate privileges, bypass authentication mechanisms, launch denial of service attacks, and disclose sensitive information on the targeted system.

Solution

Apply appropriate security recommendation as mentioned in NVIDIA advisory:

https://nvidia.custhelp.com/app/answers/detail/a_id/5828

Vendor Information

NVIDIA

http://nvidia.com/en-us/security/

References

 

https://nvidia.custhelp.com/app/answers/detail/a_id/5828

http://nvidia.com/en-us/security/

CVE Name

CVE-2026-24206

CVE-2026-24207

CVE-2026-24208

CVE-2026-24209

CVE-2026-24210

CVE-2026-24213

CVE-2026-24214

CVE-2026-24215

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQJPBAEBCAA5FiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoRrCMbFIAAAAAABAAO

bWFudTIsMi41KzEuMTIsMiwxAAoJEN4woHEnXMrPZ+AP/jovkdDgQd4G4IMCcADD

qQNzHhPsfkB5XXscTQ/kYAegqpMtS4bLYlziknjfFgQIKrhjScjmVOOMgHEvsExj

6vHPe/zEhBVL/ahohrFzfOsWupk9oHWlx+W19kH2yxHBHkQ8vm4cFbnPoh7PzrzG

cIxE+d4Etcv7FbctVmunLvf9RHMVPlN2CnzQiaPrYLAiNGmkTm2fHMR8HnKJLApy

3W+hhq09jdBBclZs6Xmg+Y6TfC1vCVQsFTjbmOGevqi3uMkwcNwRFQBn3JCAoEx3

hKOdlHXYHEh5aZhjd58JXhsiBybam4HuRcdNXZ6unDooiKFgWNn+fr8+fLoBVVlN

E2VBbultf9TcNM/HbrrY3TJ8IwF6S/dQBLjkkzr912Mjc26HhXyF1mlNBbYaUMnj

VY6eR41OiCz8BsCRHTYgG3BdCvJ/u3gOqMCV3JGI5OCFV2xr5m5hPdVb8ZlpfrjD

HPyvx/apn5pZlh1K1+hwCH5T6k7Vc7zyersPF3spSmFo5eGy3hJ8tSvnXcQbXmmR

LSvEHNQtFS14kr7L9RhGiJsJ4SO738zhT3xPz0bQD7+e6/FNFNIa3wvg5rBXtoS2

yyuR6UGUtGY9l6W7t7naVPNJQtOMK/yfvVnDqqpmbQB5Ej9LH+cpRPeMkJ0fPM26

dmOFkjYiMqQoaNXvuNd2jP79

=lKnO

—–END PGP SIGNATURE—–