Critical Path Traversal in gRPC Interface
Target: [REDACTED] AI Inference Server
Vulnerability Class: Path Traversal (CWE-22)
CVE ID: CVE-2026-XXXX
Discovered: February 20, 2026
Executive Summary
A critical path traversal vulnerability exists in [REDACTED] AI Inference Server’s gRPC interface, enabling model repository escape and tenant isolation bypass.
Technical Details
The vulnerability allows attackers to traverse directory structures and access unauthorized model repositories through improper path validation in gRPC handlers.
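The class of check whose absence produces this kind of flaw, shown as an added defensive example. It is not the vendor's code and is not derived from the embargoed details. The `<repo_root>/<tenant>/<model_name>` layout, the function names and all sample values are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

class PathEscapeError(ValueError):
    """Requested model path leaves the caller's tenant repository."""

def resolve_model_path(repo_root, tenant, model_name):
    # Assumed layout (hypothetical): <repo_root>/<tenant>/<model_name>
    for value in (tenant, model_name):
        if not value or "\x00" in value or os.path.isabs(value):
            raise PathEscapeError("invalid identifier")
    # A tenant ID is a single path component, never a path.
    if tenant in (".", "..") or "/" in tenant or "\\" in tenant:
        raise PathEscapeError("invalid tenant identifier")
    root = Path(repo_root).resolve()
    tenant_root = (root / tenant).resolve()
    if tenant_root.parent != root:
        raise PathEscapeError("tenant directory is outside the repository")
    # resolve() collapses ".." and follows symlinks, so the containment
    # check runs on the real target, not on the string the client sent.
    candidate = (tenant_root / model_name).resolve()
    if candidate == tenant_root or not candidate.is_relative_to(tenant_root):
        raise PathEscapeError("model path escapes tenant repository")
    return candidate

def check_samples():
    """Run constructed requests against a throwaway repository tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tenant-a" / "resnet").mkdir(parents=True)
        (root / "tenant-b" / "private").mkdir(parents=True)
        # Constructed symlink that points out of tenant-a's directory.
        os.symlink(root / "tenant-b", root / "tenant-a" / "shared")
        for name in ("resnet", "../tenant-b/private", "shared/private",
                     "/models/other", "resnet/../.."):
            try:
                resolve_model_path(root, "tenant-a", name)
                results[name] = "allowed"
            except PathEscapeError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print(f"{verdict:8} {name}")
```

The tenant identifier should come from the authenticated session, not from a field in the request message, so that a caller cannot choose which tenant root the check is performed against.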
OPSEC Note
Full technical details are embargoed until vendor patches are publicly available.
Impact Assessment
The path traversal vulnerability in the gRPC interface enables model repository sandbox escape and tenant isolation bypass in multi-tenant environments.
Disclosure Timeline
- February 20, 2026: Vulnerability discovered
- February 25, 2026: Vendor notification
- March 15, 2026: Vendor acknowledged
- April 07, 2026: Patch status: Under development