Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-parsing flaw needing the victim to load crafted input, so AV:L and UI:R; no auth required (PR:N); code execution yields full C:H/I:H/A:H.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successful exploit of this vulnerability might lead to code execution.
Articles & Coverage 1
AnalysisAI
Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access that may lead to arbitrary code execution when a victim processes malicious input on the local host. The CVSS 3.1 vector (AV:L/UI:R) indicates the target must actively load attacker-controlled content, so exploitation hinges on tricking a user or automated pipeline into ingesting a crafted model or input file. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the victim host to load and process attacker-controlled input through TensorRT (AV:L, UI:R): a user or automated pipeline must actively open or ingest a crafted model, engine, or input file for the vulnerable code path to be reached - remote or unauthenticated triggering is not indicated. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.8 (High), driven by C:H/I:H/A:H, but the vector is constrained: AV:L means no network reach and UI:R means a user or process must actively load malicious content, which materially lowers real-world exploitability versus a remote unauthenticated flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious model or serialized engine file containing an out-of-range array index and delivers it to a target, for example by publishing it to a model hub, emailing it, or submitting it to a shared inference/build pipeline. When an engineer or automated service on the local host loads the file into TensorRT, the improper index validation causes out-of-bounds memory access that the attacker leverages to execute code in the context of the TensorRT process. … |
| Remediation | Upgrade TensorRT to the fixed release specified in NVIDIA's security bulletin at https://nvidia.custhelp.com/app/answers/detail/a_id/5855; the exact patched version is not present in the provided data and should be taken directly from that advisory rather than assumed (patch available per vendor advisory, released patched version not independently confirmed from the input). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all systems running NVIDIA TensorRT and document their network connectivity and user access patterns. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Code execution in NVIDIA TensorRT is possible when the SDK processes a maliciously crafted input that overflows a heap-b
Local code execution in NVIDIA TensorRT is possible when the library parses an attacker-supplied input (such as a crafte
NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful
Same weakness CWE-129 – Improper Validation of Array Index
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44487
GHSA-8jxq-crv3-7q3x