Skip to main content

NVIDIA TensorRT EUVDEUVD-2026-44489

| CVE-2026-24272 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-07-14 nvidia GHSA-jp25-r59g-9p63
7.8
CVSS 3.1 · Vendor: nvidia
Share

Severity by source

Vendor (nvidia) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local file-parsing flaw needing no privileges but victim interaction (AV:L/PR:N/UI:R); crafted-input heap overflow yields full code execution, so C/I/A all High.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (nvidia).

CVSS VectorVendor: nvidia

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 21:21 vuln.today
CVE Published
Jul 14, 2026 - 20:16 cve.org
HIGH 7.8

DescriptionCVE.org

NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful exploit of this vulnerability might lead to code execution.

AnalysisAI

Code execution in NVIDIA TensorRT is possible when the SDK processes a maliciously crafted input that overflows a heap-based buffer (CWE-122), corrupting adjacent heap memory. The flaw affects the TensorRT deep-learning inference library and requires a local user to load attacker-supplied content, per the AV:L/UI:R CVSS vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious TensorRT model/engine file
Delivery
Deliver to victim via model repo or file
Exploit
Victim loads file into TensorRT
Execution
Overflow heap buffer during parsing
Impact
Execute code in inference process context

Vulnerability AssessmentAI

Exploitation Exploitation requires a local user to load or process attacker-supplied content with a TensorRT-based application - the UI:R metric confirms victim interaction is mandatory, and AV:L confirms the attacker cannot trigger this over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.8 (High), driven by high impact across all three dimensions but constrained by a local attack vector (AV:L) and required user interaction (UI:R) - meaning a victim must load or process attacker-supplied content, not a remotely reachable network service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious model or serialized engine file with manipulated size/length fields and delivers it to a victim (e.g., via a shared model repository, email, or a compromised model-hub entry). When the victim loads the file into a TensorRT-based application, the parser overflows a heap buffer, corrupting memory and allowing the attacker to execute code in the context of the inference process. …
Remediation Consult NVIDIA's advisory (a_id/5855) at https://nvidia.custhelp.com/app/answers/detail/a_id/5855 and upgrade TensorRT to the fixed release identified there; an exact fixed version is not present in the provided input, so treat the advisory as authoritative rather than assuming a version number. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit all systems running NVIDIA TensorRT, document deployed versions, and restrict local filesystem access to TensorRT processes and model directories to authorized personnel only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44489 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy