Skip to main content

NVIDIA TensorRT-LLM CVE-2026-47471

| EUVDEUVD-2026-44451 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-07-14 nvidia GHSA-33qc-w569-hr38
7.5
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.5 HIGH
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.5 HIGH

Deserializing an attacker-supplied tensor needs no auth (PR:N) or interaction, but adjacent reachability (AV:A) and difficult heap grooming (AC:H) apply, with full C/I/A impact from memory corruption.

3.1 AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:21 vuln.today
CVE Published
Jul 14, 2026 - 20:02 cve.org
HIGH 7.5

DescriptionCVE.org

NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.

AnalysisAI

Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent-network access to TensorRT-LLM service
Delivery
Craft malicious serialized tensor
Exploit
Submit tensor to deserialization endpoint
Execution
Trigger heap buffer overflow
Persist
Corrupt heap memory
Impact
Leak data, tamper, or crash service

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to reach the tensor deserialization code path with a maliciously crafted serialized tensor, meaning the target must accept and deserialize attacker-supplied tensor data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.5 (High) with vector AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning no authentication or user interaction is required but the attacker must be on an adjacent network and overcome high attack complexity - consistent with the difficulty of reliably grooming a heap overflow. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker positioned on the same adjacent network as a TensorRT-LLM inference service sends a crafted serialized tensor whose size/shape metadata is malformed to the deserialization routine. The oversized fields trigger a heap-based buffer overflow, and after careful heap grooming (reflecting the high attack complexity) the attacker leaks adjacent memory, tampers with in-memory data, or crashes the service. …
Remediation No vendor-released patch identified at time of analysis, so consult NVIDIA's official security bulletin for TensorRT-LLM (linked via the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-47471 and https://www.cve.org/CVERecord?id=CVE-2026-47471) and upgrade to the fixed release once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: create complete inventory of all NVIDIA TensorRT-LLM deployments and current versions; implement firewall rules restricting network access to affected systems from untrusted networks (exploit requires adjacent network position), and disable TensorRT-LLM if not operationally critical. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-24233 HIGH
8.4 Jul 14

Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the

CVE-2026-47472 HIGH
7.8 Jul 14

Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a ho

CVE-2026-47473 HIGH
7.4 Jul 14

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (C

CVE-2026-24229 HIGH
7.3 Jul 14

Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI

CVE-2026-24234 MEDIUM
6.8 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-acces

CVE-2026-24259 MEDIUM
6.4 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critic

CVE-2026-24220 MEDIUM
6.4 Jul 14

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an uns

CVE-2026-24226 MEDIUM
6.3 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation

CVE-2026-24271 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause alloc

CVE-2026-47475 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a re

CVE-2026-47470 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker co

Share

CVE-2026-47471 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy