Skip to main content

NVIDIA TensorRT-LLM EUVDEUVD-2026-44449

| CVE-2026-47472 HIGH
Deserialization of Untrusted Data (CWE-502)
2026-07-14 nvidia GHSA-g2v9-2grm-8qxj
7.8
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Description's 'local same-user access' maps to AV:L and PR:L; unsafe deserialization plausibly yields full code execution, so C/I/A all High and AC:L.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:20 vuln.today
CVE Published
Jul 14, 2026 - 20:01 cve.org
HIGH 7.8

DescriptionCVE.org

NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service.

AnalysisAI

Local privilege-context deserialization in NVIDIA TensorRT-LLM lets an attacker who already has same-user access to a host running the inference stack abuse its inter-process communication layer to trigger unsafe object deserialization (CWE-502), potentially yielding code execution, information disclosure, data tampering, and denial of service. The flaw is vendor-reported by NVIDIA and carries a CVSS 3.1 base of 7.8 (AV:L), meaning it is not remotely reachable but converts existing local access into full compromise of the model-serving process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local same-user foothold on host
Delivery
Locate TensorRT-LLM IPC channel
Exploit
Inject crafted serialized payload
Execution
Trigger unsafe deserialization (CWE-502)
Persist
Execute code in inference process
Impact
Exfiltrate/tamper model data or crash service

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have local, same-user access on the host running TensorRT-LLM and the ability to interact with (write to/inject into) its inter-process communication channel - the CVSS metrics AV:L/PR:L/UI:N confirm local access with low privileges and no user interaction. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are internally consistent for a serious-but-locally-scoped issue: the CVSS 3.1 vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H gives 7.8 (High) driven by full C/I/A impact, but attack vector is Local and requires low privileges (PR:L), i.e. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already gained a foothold as the same OS user that runs the TensorRT-LLM inference service (for example via a compromised co-located application or a shared-account CI/inference host) writes a crafted serialized payload into the runtime's IPC channel. When the TensorRT-LLM process deserializes that data, the malicious object is instantiated and executes attacker code in the context of the model-serving process, giving full read/write access to model data and the ability to crash the service. …
Remediation No vendor-released patch version was identified in the provided data, so the primary action is to monitor NVIDIA's security bulletin channel (typically https://nvidia.custhelp.com / the NVIDIA Product Security page) referenced from the CVE and upgrade TensorRT-LLM to the fixed release as soon as NVIDIA publishes it, then track the CVE via https://nvd.nist.gov/vuln/detail/CVE-2026-47472. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all production and development systems running NVIDIA TensorRT-LLM, document which have local user access or untrusted application execution, and restrict access to the most critical inference servers. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-24233 HIGH
8.4 Jul 14

Insecure deserialization in NVIDIA TensorRT-LLM for Linux lets a local, low-privileged attacker abuse a weakness in the

CVE-2026-47471 HIGH
7.5 Jul 14

Heap-based buffer overflow in NVIDIA TensorRT-LLM's tensor deserialization path lets an adjacent, unauthenticated attack

CVE-2026-47473 HIGH
7.4 Jul 14

Memory corruption in NVIDIA TensorRT-LLM allows an attacker with local access to trigger a write-what-where primitive (C

CVE-2026-24229 HIGH
7.3 Jul 14

Missing authentication in NVIDIA TensorRT-LLM for Linux lets an attacker reach the disaggregated orchestrator's FastAPI

CVE-2026-24234 MEDIUM
6.8 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the multimodal media fetching functions, where a network-acces

CVE-2026-24259 MEDIUM
6.4 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause missing authentication for a critic

CVE-2026-24220 MEDIUM
6.4 Jul 14

NVIDIA TensorRT-LLM for any platform contains a vulnerability in visual gen server, where an attacker could cause an uns

CVE-2026-24226 MEDIUM
6.3 Jul 14

NVIDIA TensorRT-LLM for Linux contains a vulnerability where an attacker could cause improper control of code generation

CVE-2026-24271 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API, where an attacker could cause alloc

CVE-2026-47475 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM contains a vulnerability in the OpenAI-compatible inference API where an attacker could trigger a re

CVE-2026-47470 MEDIUM
6.2 Jul 14

NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker co

Share

EUVD-2026-44449 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy