What is the CVSS score of CVE-2026-24163?

CVE-2026-24163 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of NVIDIA TensorRT-LLM are affected by CVE-2026-24163?

NVIDIA TensorRT-LLM's RPC testing component contains an unsafe deserialization flaw enabling local high-privilege attackers to execute code, disrupt service, or tamper with AI model data.

How to fix or mitigate CVE-2026-24163?

Within 24 hours: Inventory all NVIDIA TensorRT-LLM deployments and document RPC component usage. Within 7 days: Disable RPC testing component if operationally unnecessary; implement OS-level privilege restrictions limiting access to essential personnel only. Within 30 days: Establish network segmentation isolating TensorRT-LLM systems; configure audit logging for deserialization operations; monitor NVIDIA advisories for patch availability and schedule upgrade planning.

NVIDIA TensorRT-LLM CVE-2026-24163

EUVD-2026-31057 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-05-20 nvidia

GHSA-qvvq-q6v7-7fhg

RCE Denial Of Service Information Disclosure Deserialization Nvidia

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 20, 2026 - 04:01 vuln.today

DescriptionNVD

NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

AnalysisAI

Unsafe deserialization in NVIDIA TensorRT-LLM's RPC testing component allows a local high-privileged attacker to trigger code execution, denial of service, data tampering, or information disclosure across a changed scope. The flaw is rated CVSS 7.5 despite local-only access and high attack complexity because successful exploitation crosses a security boundary (S:C) and yields full CIA impact. …

RemediationAI

Within 24 hours: Inventory all NVIDIA TensorRT-LLM deployments and document RPC component usage. Within 7 days: Disable RPC testing component if operationally unnecessary; implement OS-level privilege restrictions limiting access to essential personnel only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory