Skip to main content

NVIDIA TensorRT-LLM CVE-2026-24229

| EUVDEUVD-2026-44460 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-07-14 nvidia GHSA-6297-xg77-3cg9
7.3
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.3 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
vuln.today AI
7.3 HIGH

Concur with NVIDIA: AV:L since the FastAPI orchestrator is a local/internal control interface, PR:N/UI:N for missing authentication, high confidentiality from state read, low integrity/availability from tampering and DoS.

3.1 AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:23 vuln.today
CVE Published
Jul 14, 2026 - 20:04 cve.org
HIGH 7.3

DescriptionCVE.org

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.

AnalysisAI

Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI server directly and read, write, or delete internal cluster state, resulting in information disclosure, data tampering, and denial of service. The flaw (CWE-306) affects the orchestration layer that coordinates disaggregated prefill/decode inference workers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local/internal network access to host
Delivery
Reach orchestrator FastAPI endpoint
Exploit
Send unauthenticated state request
Execution
Read, write, or delete cluster state
Impact
Information disclosure, tampering, or DoS

Vulnerability AssessmentAI

Exploitation Exploitation requires that NVIDIA TensorRT-LLM be deployed in disaggregated serving mode with the orchestrator's FastAPI server running and reachable by the attacker; the specific enabling feature is the disaggregated orchestrator control interface, which exposes state-management endpoints without authentication (CWE-306). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L, score 7.3) rates this as a local, low-complexity, unauthenticated issue with high confidentiality impact and low integrity/availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with local access to a shared GPU inference host - for example a low-privileged tenant, a compromised sidecar, or a co-located process - sends crafted HTTP requests to the orchestrator's FastAPI endpoint and, because no authentication is enforced, reads internal cluster state to harvest sensitive data, tampers with routing/state entries, or deletes state to crash the serving pipeline. Given AC:L and PR:N this requires no special privileges or user interaction once the server is reachable, though the AV:L rating implies the attacker must first be positioned on the host or trusted internal network. …
Remediation No vendor-released patch version was identified in the available data, so upgrade to the fixed NVIDIA TensorRT-LLM release once NVIDIA publishes it via its product security bulletin (start from the NVD record at https://nvd.nist.gov/vuln/detail/CVE-2026-24229 and NVIDIA's advisory portal). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all TensorRT-LLM disaggregated deployments and document network exposure of FastAPI orchestrator endpoints; implement firewall rules restricting access to the orchestrator service to trusted administrative hosts only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-24233 HIGH
8.4 Jul 14

Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the

CVE-2026-47472 HIGH
7.8 Jul 14

Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a ho

CVE-2026-47471 HIGH
7.5 Jul 14

Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attack

CVE-2026-47473 HIGH
7.4 Jul 14

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (C

CVE-2026-24234 MEDIUM
6.8 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-acces

CVE-2026-24259 MEDIUM
6.4 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critic

CVE-2026-24220 MEDIUM
6.4 Jul 14

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an uns

CVE-2026-24226 MEDIUM
6.3 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation

CVE-2026-24271 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause alloc

CVE-2026-47475 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a re

CVE-2026-47470 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker co

Share

CVE-2026-24229 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy