CVE-2026-24209
NVIDIA · Triton Inference Server
NVIDIA Triton Inference Server is vulnerable to a path traversal flaw, potentially allowing unauthorized file system access.
Executive summary
A path traversal vulnerability in NVIDIA Triton Inference Server may allow unauthorized actors to access sensitive files on the host system.
Vulnerability
This is a path traversal vulnerability that could allow an attacker to bypass file system restrictions. The vulnerability exists due to improper input validation, though the authentication requirement for exploitation is not specified in the current data.
Business impact
Successful exploitation of this path traversal vulnerability could lead to the unauthorized disclosure of sensitive configuration files, credentials, or proprietary model data. Given the CVSS score of 7.5, this represents a significant risk to data confidentiality and the integrity of the inference environment.
Remediation
Immediate Action: Review the official NVIDIA security advisory to identify and apply the necessary patches or configuration updates.
Proactive Monitoring: Monitor server access logs for anomalous directory traversal patterns, such as sequences involving "../" or unexpected file access requests.
Compensating Controls: Implement a Web Application Firewall (WAF) to filter and block malicious input strings containing path traversal characters.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The presence of a path traversal vulnerability poses a high risk to the security of the inference server. IT teams must prioritize verifying their current versions against the vendor's guidance and applying security updates as soon as they become available to prevent potential data exfiltration.