Description
NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
Published: 2026-05-20
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow in NVIDIA TensorRT allows an attacker to write beyond the bounds of a memory region. This out‑of‑bounds write can modify legitimate data structures and lead to data tampering. The vulnerability is classified as CWE‑787, which highlights a flaw in bounds checking and memory safety.

Affected Systems

The affected product is NVIDIA TensorRT. Specific vulnerable versions are not disclosed in the current data, so all releases should be examined for the presence of the patch once it becomes available.

Risk and Exploitability

The CVSS score of 8.2 marks this vulnerability as high risk. No EPSS score is available, so current exploitation probability cannot be quantified. The vendor has not listed this issue in the CISA KEV catalog, suggesting there is no widespread evidence of exploitation yet. Because the description does not detail the attack vector, it is inferred that an attacker would need to interact with TensorRT in a way that allows them to invoke the write operation—this could be via a privileged application or potentially over a network if TensorRT services are exposed. The combination of high severity and unknown exploitation likelihood warrants cautious assessment and timely remediation.

Generated by OpenCVE AI on May 20, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest NVIDIA TensorRT patch or upgrade to a version where the out‑of‑bounds write is fixed.
  • Restrict access to TensorRT by implementing network segmentation or firewall rules to limit exposure to untrusted hosts.
  • Monitor system logs and application behavior for signs of anomalous writes or integrity violations.
  • If uploading a patch is not immediately feasible, isolate the TensorRT deployment in a hardened environment and keep monitoring for new disclosures.

Generated by OpenCVE AI on May 20, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Nvidia
Nvidia tensorrt
Vendors & Products Nvidia
Nvidia tensorrt

Wed, 20 May 2026 20:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write Allowing Data Tampering in NVIDIA TensorRT

Wed, 20 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 20 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L'}

Subscriptions

Nvidia Tensorrt
cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published:

Updated: 2026-05-20T19:33:03.277Z

Reserved: 2026-01-21T19:09:32.733Z

Link: CVE-2026-24188

cve-icon Vulnrichment

Updated: 2026-05-20T19:32:59.282Z

cve-icon NVD

Status : Received

Published: 2026-05-20T20:16:36.203

Modified: 2026-05-20T20:16:36.203

Link: CVE-2026-24188

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T08:19:01Z

Weaknesses