Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    34 vulnerabilities found for TensorRT-LLM by NVIDIA

    CVE-2026-47475 (GCVE-0-2026-47475)

    Vulnerability from nvd – Published: 2026-07-14 20:08 – Updated: 2026-07-14 20:08
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc15",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:08:43.131Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47475"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47475"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47475",
        "datePublished": "2026-07-14T20:08:43.131Z",
        "dateReserved": "2026-05-19T19:55:38.728Z",
        "dateUpdated": "2026-07-14T20:08:43.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47473 (GCVE-0-2026-47473)

    Vulnerability from nvd – Published: 2026-07-14 20:03 – Updated: 2026-07-14 20:03
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure.
    CWE
    • CWE-123 - Write-what-where Condition
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data Tampering, Denial of Service, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-123",
                  "description": "CWE-123 Write-what-where Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:03:08.209Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47473"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47473"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47473",
        "datePublished": "2026-07-14T20:03:08.209Z",
        "dateReserved": "2026-05-19T19:55:38.727Z",
        "dateUpdated": "2026-07-14T20:03:08.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47472 (GCVE-0-2026-47472)

    Vulnerability from nvd – Published: 2026-07-14 20:01 – Updated: 2026-07-14 20:01
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, information disclosure, data tampering, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:01:29.906Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47472"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47472"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47472",
        "datePublished": "2026-07-14T20:01:29.906Z",
        "dateReserved": "2026-05-19T19:55:38.727Z",
        "dateUpdated": "2026-07-14T20:01:29.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47471 (GCVE-0-2026-47471)

    Vulnerability from nvd – Published: 2026-07-14 20:02 – Updated: 2026-07-14 20:02
    VLAI
    Summary
    NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service, Information Disclosure, Data Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:02:10.300Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47471"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47471"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47471",
        "datePublished": "2026-07-14T20:02:10.300Z",
        "dateReserved": "2026-05-19T19:55:38.727Z",
        "dateUpdated": "2026-07-14T20:02:10.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47470 (GCVE-0-2026-47470)

    Vulnerability from nvd – Published: 2026-07-14 20:07 – Updated: 2026-07-14 20:07
    VLAI
    Summary
    NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc14",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:07:51.321Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47470"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47470"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47470",
        "datePublished": "2026-07-14T20:07:51.321Z",
        "dateReserved": "2026-05-19T19:55:37.796Z",
        "dateUpdated": "2026-07-14T20:07:51.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24271 (GCVE-0-2026-24271)

    Vulnerability from nvd – Published: 2026-07-14 20:09 – Updated: 2026-07-14 20:09
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc14",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:09:12.995Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24271"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24271"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24271",
        "datePublished": "2026-07-14T20:09:12.995Z",
        "dateReserved": "2026-01-21T19:09:51.101Z",
        "dateUpdated": "2026-07-14T20:09:12.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24259 (GCVE-0-2026-24259)

    Vulnerability from nvd – Published: 2026-07-14 20:06 – Updated: 2026-07-14 20:06
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc12",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution, Data Tampering, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:06:25.894Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24259"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24259"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24259",
        "datePublished": "2026-07-14T20:06:25.894Z",
        "dateReserved": "2026-01-21T19:09:48.284Z",
        "dateUpdated": "2026-07-14T20:06:25.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24234 (GCVE-0-2026-24234)

    Vulnerability from nvd – Published: 2026-07-14 20:04 – Updated: 2026-07-14 20:04
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:04:56.494Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24234"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24234"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24234",
        "datePublished": "2026-07-14T20:04:56.494Z",
        "dateReserved": "2026-01-21T19:09:37.973Z",
        "dateUpdated": "2026-07-14T20:04:56.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24233 (GCVE-0-2026-24233)

    Vulnerability from nvd – Published: 2026-07-14 20:00 – Updated: 2026-07-14 20:00
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc14",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution, Escalation of Privileges, Data Tampering, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:00:37.279Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24233"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24233"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24233",
        "datePublished": "2026-07-14T20:00:37.279Z",
        "dateReserved": "2026-01-21T19:09:37.972Z",
        "dateUpdated": "2026-07-14T20:00:37.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24229 (GCVE-0-2026-24229)

    Vulnerability from nvd – Published: 2026-07-14 20:04 – Updated: 2026-07-14 20:04
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Data Tampering, Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:04:13.058Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24229"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24229"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24229",
        "datePublished": "2026-07-14T20:04:13.058Z",
        "dateReserved": "2026-01-21T19:09:36.965Z",
        "dateUpdated": "2026-07-14T20:04:13.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24226 (GCVE-0-2026-24226)

    Vulnerability from nvd – Published: 2026-07-14 20:07 – Updated: 2026-07-14 20:07
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc12",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution, Data Tampering, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:07:04.904Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24226"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24226"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24226",
        "datePublished": "2026-07-14T20:07:04.904Z",
        "dateReserved": "2026-01-21T19:09:36.965Z",
        "dateUpdated": "2026-07-14T20:07:04.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24220 (GCVE-0-2026-24220)

    Vulnerability from nvd – Published: 2026-07-14 20:05 – Updated: 2026-07-14 20:05
    VLAI
    Summary
    NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc11",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:05:36.549Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24220"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24220"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24220",
        "datePublished": "2026-07-14T20:05:36.549Z",
        "dateReserved": "2026-01-21T19:09:35.635Z",
        "dateUpdated": "2026-07-14T20:05:36.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24163 (GCVE-0-2026-24163)

    Vulnerability from nvd – Published: 2026-05-20 03:03 – Updated: 2026-05-20 15:44
    VLAI
    Summary
    NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0 , < v1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T14:17:25.675880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:45.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThan": "v1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could  cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could  cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, denial of service, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T03:03:01.877Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24163"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24163"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24163",
        "datePublished": "2026-05-20T03:03:01.877Z",
        "dateReserved": "2026-01-21T19:09:30.918Z",
        "dateUpdated": "2026-05-20T15:44:45.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24160 (GCVE-0-2026-24160)

    Vulnerability from nvd – Published: 2026-05-20 03:01 – Updated: 2026-05-20 15:44
    VLAI
    Summary
    NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-690 - Unchecked Return Value to NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0 , < v1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T14:17:37.740439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:51.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThan": "v1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an  unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an  unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-690",
                  "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T03:01:50.316Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24160"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24160"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24160",
        "datePublished": "2026-05-20T03:01:50.316Z",
        "dateReserved": "2026-01-21T19:09:29.851Z",
        "dateUpdated": "2026-05-20T15:44:51.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24142 (GCVE-0-2026-24142)

    Vulnerability from nvd – Published: 2026-05-20 03:00 – Updated: 2026-05-20 15:44
    VLAI
    Summary
    NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0 , < v1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24142",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T14:17:53.179178Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:57.545Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThan": "v1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA TRT-LLM for any platform contains a deserialization vulnerability   and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TRT-LLM for any platform contains a deserialization vulnerability   and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T03:00:19.071Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24142"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24142"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24142",
        "datePublished": "2026-05-20T03:00:19.071Z",
        "dateReserved": "2026-01-21T19:09:27.437Z",
        "dateUpdated": "2026-05-20T15:44:57.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-33255 (GCVE-0-2025-33255)

    Vulnerability from nvd – Published: 2026-05-20 02:58 – Updated: 2026-05-20 15:45
    VLAI
    Summary
    NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0 , < v1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-33255",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T14:18:07.110572Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:45:06.608Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThan": "v1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, denial of service, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T02:58:39.898Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33255"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2025-33255"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2025-33255",
        "datePublished": "2026-05-20T02:58:39.898Z",
        "dateReserved": "2025-04-15T18:51:08.848Z",
        "dateUpdated": "2026-05-20T15:45:06.608Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24271 (GCVE-0-2026-24271)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:09 – Updated: 2026-07-14 20:09
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service.
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc14",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause allocation of GPU resources without limits or throttling. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:09:12.995Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24271"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24271"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24271",
        "datePublished": "2026-07-14T20:09:12.995Z",
        "dateReserved": "2026-01-21T19:09:51.101Z",
        "dateUpdated": "2026-07-14T20:09:12.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47475 (GCVE-0-2026-47475)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:08 – Updated: 2026-07-14 20:08
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc15 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc15",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a reachable assertion in the sampler thread. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-617",
                  "description": "CWE-617 Reachable Assertion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:08:43.131Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47475"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47475"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47475",
        "datePublished": "2026-07-14T20:08:43.131Z",
        "dateReserved": "2026-05-19T19:55:38.728Z",
        "dateUpdated": "2026-07-14T20:08:43.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47470 (GCVE-0-2026-47470)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:07 – Updated: 2026-07-14 20:07
    VLAI
    Summary
    NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc14",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:07:51.321Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47470"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47470"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47470",
        "datePublished": "2026-07-14T20:07:51.321Z",
        "dateReserved": "2026-05-19T19:55:37.796Z",
        "dateUpdated": "2026-07-14T20:07:51.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24226 (GCVE-0-2026-24226)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:07 – Updated: 2026-07-14 20:07
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    CWE
    • CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc12",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution, Data Tampering, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-829",
                  "description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:07:04.904Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24226"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24226"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24226",
        "datePublished": "2026-07-14T20:07:04.904Z",
        "dateReserved": "2026-01-21T19:09:36.965Z",
        "dateUpdated": "2026-07-14T20:07:04.904Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24259 (GCVE-0-2026-24259)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:06 – Updated: 2026-07-14 20:06
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc12 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc12",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critical function. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution, Data Tampering, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:06:25.894Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24259"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24259"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24259",
        "datePublished": "2026-07-14T20:06:25.894Z",
        "dateReserved": "2026-01-21T19:09:48.284Z",
        "dateUpdated": "2026-07-14T20:06:25.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24220 (GCVE-0-2026-24220)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:05 – Updated: 2026-07-14 20:05
    VLAI
    Summary
    NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc11",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an unsafe deserialization by unauthorized zeroMQ deserialization. A successful exploit of this vulnerability might lead to code execution."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:05:36.549Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24220"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24220"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24220",
        "datePublished": "2026-07-14T20:05:36.549Z",
        "dateReserved": "2026-01-21T19:09:35.635Z",
        "dateUpdated": "2026-07-14T20:05:36.549Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24234 (GCVE-0-2026-24234)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:04 – Updated: 2026-07-14 20:04
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure.
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-accessible attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to denial of service and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:04:56.494Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24234"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24234"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24234",
        "datePublished": "2026-07-14T20:04:56.494Z",
        "dateReserved": "2026-01-21T19:09:37.973Z",
        "dateUpdated": "2026-07-14T20:04:56.494Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24229 (GCVE-0-2026-24229)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:04 – Updated: 2026-07-14 20:04
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Information Disclosure, Data Tampering, Denial of Service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:04:13.058Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24229"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24229"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24229",
        "datePublished": "2026-07-14T20:04:13.058Z",
        "dateReserved": "2026-01-21T19:09:36.965Z",
        "dateUpdated": "2026-07-14T20:04:13.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47473 (GCVE-0-2026-47473)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:03 – Updated: 2026-07-14 20:03
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure.
    CWE
    • CWE-123 - Write-what-where Condition
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability where an attacker could cause a write-what-where condition. A successful exploit of this vulnerability might lead to data tampering, denial of service, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Data Tampering, Denial of Service, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-123",
                  "description": "CWE-123 Write-what-where Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:03:08.209Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47473"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47473"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47473",
        "datePublished": "2026-07-14T20:03:08.209Z",
        "dateReserved": "2026-05-19T19:55:38.727Z",
        "dateUpdated": "2026-07-14T20:03:08.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47471 (GCVE-0-2026-47471)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:02 – Updated: 2026-07-14 20:02
    VLAI
    Summary
    NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of Service, Information Disclosure, Data Tampering"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:02:10.300Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47471"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47471"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47471",
        "datePublished": "2026-07-14T20:02:10.300Z",
        "dateReserved": "2026-05-19T19:55:38.727Z",
        "dateUpdated": "2026-07-14T20:02:10.300Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-47472 (GCVE-0-2026-47472)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:01 – Updated: 2026-07-14 20:01
    VLAI
    Summary
    NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc16 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc16",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service."
                }
              ],
              "value": "NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, information disclosure, data tampering, denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:01:29.906Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47472"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-47472"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-47472",
        "datePublished": "2026-07-14T20:01:29.906Z",
        "dateReserved": "2026-05-19T19:55:38.727Z",
        "dateUpdated": "2026-07-14T20:01:29.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24233 (GCVE-0-2026-24233)

    Vulnerability from cvelistv5 – Published: 2026-07-14 20:00 – Updated: 2026-07-14 20:00
    VLAI
    Summary
    NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0.0 , ≤ v1.3.0 rc14 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThanOrEqual": "v1.3.0 rc14",
                  "status": "affected",
                  "version": "0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code Execution, Escalation of Privileges, Data Tampering, Information Disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T20:00:37.279Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24233"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24233"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24233",
        "datePublished": "2026-07-14T20:00:37.279Z",
        "dateReserved": "2026-01-21T19:09:37.972Z",
        "dateUpdated": "2026-07-14T20:00:37.279Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24163 (GCVE-0-2026-24163)

    Vulnerability from cvelistv5 – Published: 2026-05-20 03:03 – Updated: 2026-05-20 15:44
    VLAI
    Summary
    NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0 , < v1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24163",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T14:17:25.675880Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:45.793Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThan": "v1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could  cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."
                }
              ],
              "value": "NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could  cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Code execution, denial of service, data tampering, information disclosure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T03:03:01.877Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24163"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24163"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24163",
        "datePublished": "2026-05-20T03:03:01.877Z",
        "dateReserved": "2026-01-21T19:09:30.918Z",
        "dateUpdated": "2026-05-20T15:44:45.793Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24160 (GCVE-0-2026-24160)

    Vulnerability from cvelistv5 – Published: 2026-05-20 03:01 – Updated: 2026-05-20 15:44
    VLAI
    Summary
    NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-690 - Unchecked Return Value to NULL Pointer Dereference
    Assigner
    Impacted products
    Vendor Product Version
    NVIDIA TensorRT-LLM Affected: 0 , < v1.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24160",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-20T14:17:37.740439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-20T15:44:51.743Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "All"
              ],
              "product": "TensorRT-LLM",
              "vendor": "NVIDIA",
              "versions": [
                {
                  "lessThan": "v1.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": true,
                  "type": "text/html",
                  "value": "NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an  unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service."
                }
              ],
              "value": "NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an  unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service."
            }
          ],
          "impacts": [
            {
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Denial of service"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-690",
                  "description": "CWE-690 Unchecked Return Value to NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-20T03:01:50.316Z",
            "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
            "shortName": "nvidia"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24160"
            },
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2026-24160"
            },
            {
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5805"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "NVIDIA PSIRT"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "assignerShortName": "nvidia",
        "cveId": "CVE-2026-24160",
        "datePublished": "2026-05-20T03:01:50.316Z",
        "dateReserved": "2026-01-21T19:09:29.851Z",
        "dateUpdated": "2026-05-20T15:44:51.743Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }