Description
NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Published: 2026-05-20
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NVIDIA TensorRT-LLM contains an unsafe deserialization flaw in its RPC testing feature that can lead to code execution, denial of service, data tampering, and information disclosure. The weakness is classified as CWE-502, indicating that untrusted data is deserialized without proper validation, allowing malicious payloads to be processed by the system.

Affected Systems

All versions of NVIDIA TensorRT-LLM on any platform are affected. No specific version numbers are listed, so any deployment using this component should be treated as vulnerable until confirmed otherwise.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity vulnerability. The vector published with that score, CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, records a local attack vector, high attack complexity and high privileges required. EPSS information is not available, so the current exploitation probability cannot be quantified, but the lack of a KEV listing suggests no publicly known exploits at this time. Based on the description, the likely attack vector is via the RPC testing interface, which an attacker could reach from a remote client to send a maliciously crafted serialized payload. Successful exploitation would allow arbitrary code execution on the host running TensorRT-LLM.

Generated by OpenCVE AI on May 20, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NVIDIA TensorRT-LLM to the latest supported version that includes the deserialization fix.
  • If an immediate update is not feasible, disable or restrict the RPC testing endpoints to trusted networks only to prevent exposure to untrusted inputs.
  • Monitor system logs for anomalous RPC activity and look for deserialization errors that could indicate attempted exploitation.

Advisories

No advisories yet.

History

Wed, 20 May 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 20 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Nvidia; Nvidia tensorrt-llm
Vendors & Products | | Nvidia; Nvidia tensorrt-llm

Wed, 20 May 2026 04:45:00 +0000

Type | Values Removed | Values Added
Title | | Unsound Deserialization in NVIDIA TensorRT-LLM RPC Testing

Wed, 20 May 2026 03:30:00 +0000

Type | Values Removed | Values Added
Description | | NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.
Weaknesses | | CWE-502
References | |
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T15:44:45.793Z

Reserved: 2026-01-21T19:09:30.918Z

Link: CVE-2026-24163

Vulnrichment

Updated: 2026-05-20T14:17:30.555Z

NVD

Status: Awaiting Analysis

Published: 2026-05-20T04:16:45.537

Modified: 2026-05-20T13:57:15.740

Link: CVE-2026-24163

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-20T10:37:59Z
