Description
NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
Published: 2026-05-20
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in NVIDIA TensorRT‑LLM, where an unchecked return value can result in a null pointer dereference. This flaw is classified as CWE‑690. When exploited, the attacker can cause the library to crash, leading to a denial of service. The effect is limited to the application using TensorRT‑LLM; a crash will make the service unavailable until it is restarted or the vulnerable code is patched.

Affected Systems

All installations of NVIDIA TensorRT‑LLM on any supported platform are potentially affected, as the issue is present in the base library without a version qualifier. The advisory does not specify a particular release, so any current or older build may be vulnerable until a patch is released.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The exploit probability is not available and the vulnerability is not listed in the CISA KEV catalog, implying there are no confirmed exploit instances yet. The attack likely requires delivery of malformed input to TensorRT‑LLM, which may be feasible in environments that expose the library to untrusted data or network traffic. Because the flaw leads to a crash rather than code execution, the risk is primarily to availability rather than confidentiality or integrity.

Generated by OpenCVE AI on May 20, 2026 at 04:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check NVIDIA’s support site for a patched TensorRT‑LLM release and upgrade as soon as possible.
  • Enable application‑level monitoring or watchdog services to detect crashes and automatically restart the affected process while waiting for a patch.
  • If customizing TensorRT‑LLM code, add explicit null checks around any function return values that could be null before dereferencing.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia tensorrt-llm
Vendors & Products Nvidia
Nvidia tensorrt-llm

Wed, 20 May 2026 04:45:00 +0000

Type Values Removed Values Added
Title Null Pointer Dereference Leading to Denial of Service in NVIDIA TensorRT-LLM

Wed, 20 May 2026 03:30:00 +0000

Type Values Removed Values Added
Description NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
Weaknesses CWE-690
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T15:44:51.743Z

Reserved: 2026-01-21T19:09:29.851Z

Link: CVE-2026-24160

Vulnrichment

Updated: 2026-05-20T14:17:43.761Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T04:16:45.277

Modified: 2026-05-20T13:57:15.740

Link: CVE-2026-24160

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T10:38:00Z

Weaknesses