CVE-2026-24207

CRITICAL NUCLEI

Nvidia Triton Inference Server - Authentication Bypass Using an Alternate Path or Channel

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2026-24207. PoCs published by offseckit. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-24207, demonstrating an authentication bypass in NVIDIA Triton SageMaker. It includes tools for detection, bypass demonstration, and a full RCE chain via model loading. The exploit is well-documented with technical details and proof-of-concept code.

Description

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.

Exploits (2)

github WORKING POC
by offseckit · pythonpoc
https://github.com/offseckit/CVE-2026-24207

This repository contains a functional exploit for CVE-2026-24207, demonstrating an authentication bypass in NVIDIA Triton SageMaker. It includes tools for detection, bypass demonstration, and a full RCE chain via model loading. The exploit is well-documented with technical details and proof-of-concept code.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA Triton SageMaker (versions ≤ 2.66.0)
No auth needed
Prerequisites: Triton SageMaker endpoint reachable · Model files accessible on the target filesystem for RCE
mistral-large-3 · analyzed Jun 26, 2026 Full analysis →
nomisec WORKING POC
by offseckit · poc
https://github.com/offseckit/CVE-2026-24207-triton

This repository contains functional exploit code for CVE-2026-24207, an authentication bypass vulnerability in NVIDIA Triton SageMaker. It includes a scanner to detect vulnerable instances, a bypass demonstration script, and a full RCE exploit chain that loads a malicious Python model.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: NVIDIA Triton SageMaker (versions ≤ 2.66.0)
No auth needed
Prerequisites: Access to the SageMaker management endpoint (port 8080) · Ability to place model files on a Triton-readable filesystem path for RCE
mistral-large-3 · analyzed Jun 26, 2026 Full analysis →

Nuclei Templates (1)

NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass
CRITICALVERIFIEDby VixianSchool
Shodan: http.title:"Triton" port:8080

Scores

CVSS v3 9.8
EPSS 0.0083
EPSS Percentile 53.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-288
Status published
Products (2)
NVIDIA/Triton Inference Server All versions prior to r26.03
nvidia/triton_inference_server < 26.03
Published May 20, 2026
Tracked Since May 20, 2026