CVE-2026-24163

7.5 HIGH

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization

Published: 2026-05-20 · Last updated: 2026-05-20

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-502

Affected products

Vendor	Product
nvidia	tensorrt_llm

Description

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-24163
[Other]https://nvd.nist.gov/vuln/detail/CVE-2026-24163
[Vendor advisory]https://nvidia.custhelp.com/app/answers/detail/a_id/5805
[Other]https://www.cve.org/CVERecord?id=CVE-2026-24163

Related CVEs

Same vendor

CVE-2026-24228 — NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data (7.8 HIGH)
CVE-2026-24155 — NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
CVE-2026-24237 — NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
CVE-2026-24221 — NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data (7.8 HIGH)
CVE-2026-24199 — NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering comp... (4.7 MEDIUM)

Same CWE

CVE-2026-48775 — LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite) (6.8 MEDIUM)
CVE-2026-10748 — An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating s...
CVE-2026-24228 — NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data (7.8 HIGH)
CVE-2026-48853 — Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unau...
CVE-2026-9691 — Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions (9.8 CRITICAL)