CVE-2026-24142
NVIDIA TRT-LLM Deserialization Vulnerability
Publication date: 2026-05-20
Last updated on: 2026-05-20
Assigner: NVIDIA Corporation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nvidia | trt-llm | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in NVIDIA TRT-LLM affects any platform and involves a deserialization flaw and an unsafe serialized handle.
Exploiting this vulnerability could allow an attacker to execute arbitrary code, tamper with data, and disclose sensitive information.
This weakness is categorized under CWE-502, which relates to the deserialization of untrusted data.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to several serious impacts including:
- Execution of arbitrary code on the affected system.
- Tampering with data, which could compromise data integrity.
- Disclosure of sensitive information, potentially leading to data breaches.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability involves unsafe deserialization in NVIDIA TRT-LLM which could lead to code execution, data tampering, and information disclosure.
To mitigate this vulnerability, it is recommended to follow NVIDIA's official guidance and updates on their support page as referenced by NVIDIA in their advisories.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability in NVIDIA TRT-LLM could lead to code execution, data tampering, and information disclosure. Such impacts may affect compliance with standards and regulations like GDPR and HIPAA, which require protection of data confidentiality, integrity, and availability.
However, the provided information does not explicitly describe how this vulnerability affects compliance with these specific regulations or standards.