Description
NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Published: 2026-05-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA TensorRT‑LLM contains a flaw in its MPI server that allows unsafe deserialization of untrusted data, granting an attacker the ability to execute arbitrary code. The malicious payload can also trigger denial of service, alter data, and exfiltrate sensitive information, making the impact severe from confidentiality, integrity, and availability standpoints. This weakness corresponds to CWE‑502, indicating the vulnerability arises from improper handling of serialized data.

Affected Systems

All installations of NVIDIA TensorRT‑LLM are affected because no specific version range is provided. Until an update is applied, every instance is considered vulnerable regardless of platform.

Risk and Exploitability

The CVSS base score of 7.5 categorizes the vulnerability as high severity. EPSS data is unavailable, and the issue is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector is through the MPI interface over the network, delivering a crafted payload to trigger the unsafe deserialization. Given the nature of deserialization exploits, the likelihood of successful exploitation remains significant unless mitigated.

Generated by OpenCVE AI on May 20, 2026 at 05:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest NVIDIA TensorRT‑LLM release that includes the fix.
  • Restrict network access to the MPI server with firewall rules or by placing it behind a VPN, limiting connections to trusted hosts.
  • Implement strict input validation or sandboxing for data processed by the MPI server to prevent unsafe deserialization.

Generated by OpenCVE AI on May 20, 2026 at 05:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia tensorrt-llm
Vendors & Products Nvidia
Nvidia tensorrt-llm

Wed, 20 May 2026 05:30:00 +0000

Type Values Removed Values Added
Title Unsafe Deserialization in NVIDIA TensorRT-LLM MPI Server

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Nvidia Tensorrt-llm
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T15:45:06.608Z

Reserved: 2025-04-15T18:51:08.848Z

Link: CVE-2025-33255

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-20T04:16:43.667

Modified: 2026-05-20T13:57:15.740

Link: CVE-2025-33255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T10:38:02Z

Weaknesses