Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description's 'local same-user access' maps to AV:L and PR:L; unsafe deserialization plausibly yields full code execution, so C/I/A all High and AC:L.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service.
Articles & Coverage 1
AnalysisAI
Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have local, same-user access on the host running TensorRT-LLM and the ability to interact with (write to/inject into) its inter-process communication channel - the CVSS metrics AV:L/PR:L/UI:N confirm local access with low privileges and no user interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are internally consistent for a serious-but-locally-scoped issue: the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H gives 7.8 (High) driven by full C/I/A impact, but attack vector is Local and requires low privileges (PR:L), i.e. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already gained a foothold as the same OS user that runs the TensorRT-LLM inference service (for example via a compromised co-located application or a shared-account CI/inference host) writes a crafted serialized payload into the runtime's IPC channel. When the TensorRT-LLM process deserializes that data, the malicious object is instantiated and executes attacker code in the context of the model-serving process, giving full read/write access to model data and the ability to crash the service. … |
| Remediation | No vendor-released patch version was identified in the provided data, so the primary action is to monitor NVIDIA's security bulletin channel (typically https://nvidia.custhelp.com / the NVIDIA Product Security page) referenced from the CVE and upgrade TensorRT-LLM to the fixed release as soon as NVIDIA publishes it, then track the CVE via https://nvd.nist.gov/vuln/detail/CVE-2026-47472. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all production and development systems running NVIDIA TensorRT-LLM, document which have local user access or untrusted application execution, and restrict access to the most critical inference servers. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Tensorrt Llm
View allInsecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the
Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attack
Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (C
Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-acces
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critic
NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an uns
NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause alloc
NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a re
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker co
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44449
GHSA-g2v9-2grm-8qxj