Severity by source
AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Deserializing an attacker-supplied tensor needs no auth (PR:N) or interaction, but adjacent reachability (AV:A) and difficult heap grooming (AC:H) apply, with full C/I/A impact from memory corruption.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA TensorRT-LLM for any platform contains a vulnerability in tensor deserialization, where an attacker could cause a heap based buffer overflow. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.
Articles & Coverage 1
AnalysisAI
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attacker corrupt heap memory by supplying a crafted serialized tensor, potentially causing information disclosure, data tampering, or denial of service. All platforms running affected TensorRT-LLM versions are impacted. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to reach the tensor deserialization code path with a maliciously crafted serialized tensor, meaning the target must accept and deserialize attacker-supplied tensor data. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (High) with vector AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, meaning no authentication or user interaction is required but the attacker must be on an adjacent network and overcome high attack complexity - consistent with the difficulty of reliably grooming a heap overflow. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker positioned on the same adjacent network as a TensorRT-LLM inference service sends a crafted serialized tensor whose size/shape metadata is malformed to the deserialization routine. The oversized fields trigger a heap-based buffer overflow, and after careful heap grooming (reflecting the high attack complexity) the attacker leaks adjacent memory, tampers with in-memory data, or crashes the service. … |
| Remediation | No vendor-released patch identified at time of analysis, so consult NVIDIA's official security bulletin for TensorRT-LLM (linked via the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-47471 and https://www.cve.org/CVERecord?id=CVE-2026-47471) and upgrade to the fixed release once published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: create complete inventory of all NVIDIA TensorRT-LLM deployments and current versions; implement firewall rules restricting network access to affected systems from untrusted networks (exploit requires adjacent network position), and disable TensorRT-LLM if not operationally critical. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Tensorrt Llm
View allInsecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a ho
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (C
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-acces
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critic
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an uns
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause alloc
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a re
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker co
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44451
GHSA-33qc-w569-hr38