Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Concur with NVIDIA: AV:L since the FastAPI orchestrator is a local/internal control interface, PR:N/UI:N for missing authentication, high confidentiality from state read, low integrity/availability from tampering and DoS.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.
Articles & Coverage 1
AnalysisAI
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that NVIDIA TensorRT-LLM be deployed in disaggregated serving mode with the orchestrator's FastAPI server running and reachable by the attacker; the specific enabling feature is the disaggregated orchestrator control interface, which exposes state-management endpoints without authentication (CWE-306). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, score 7.3) rates this as a local, low-complexity, unauthenticated issue with high confidentiality impact and low integrity/availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with local access to a shared GPU inference host - for example a low-privileged tenant, a compromised sidecar, or a co-located process - sends crafted HTTP requests to the orchestrator's FastAPI endpoint and, because no authentication is enforced, reads internal cluster state to harvest sensitive data, tampers with routing/state entries, or deletes state to crash the serving pipeline. Given AC:L and PR:N this requires no special privileges or user interaction once the server is reachable, though the AV:L rating implies the attacker must first be positioned on the host or trusted internal network. … |
| Remediation | No vendor-released patch version was identified in the available data, so upgrade to the fixed NVIDIA TensorRT-LLM release once NVIDIA publishes it via its product security bulletin (start from the NVD record at https://nvd.nist.gov/vuln/detail/CVE-2026-24229 and NVIDIA's advisory portal). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all TensorRT-LLM disaggregated deployments and document network exposure of FastAPI orchestrator endpoints; implement firewall rules restricting access to the orchestrator service to trusted administrative hosts only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Tensorrt Llm
View allInsecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a ho
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attack
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (C
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-acces
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critic
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an uns
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause alloc
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a re
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker co
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44460
GHSA-6297-xg77-3cg9