Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Local file-parsing flaw needing no privileges but victim interaction (AV:L/PR:N/UI:R); crafted-input heap overflow yields full code execution, so C/I/A all High.
Primary rating from Vendor (nvidia).
CVSS VectorVendor: nvidia
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful exploit of this vulnerability might lead to code execution.
Articles & Coverage 1
AnalysisAI
Code execution in NVIDIA TensorRT is possible when the SDK processes a maliciously crafted input that overflows a heap-based buffer (CWE-122), corrupting adjacent heap memory. The flaw affects the TensorRT deep-learning inference library and requires a local user to load attacker-supplied content, per the AV:L/UI:R CVSS vector; there is no public exploit identified at time of analysis and it is not listed in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local user to load or process attacker-supplied content with a TensorRT-based application - the UI:R metric confirms victim interaction is mandatory, and AV:L confirms the attacker cannot trigger this over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.8 (High), driven by high impact across all three dimensions but constrained by a local attack vector (AV:L) and required user interaction (UI:R) - meaning a victim must load or process attacker-supplied content, not a remotely reachable network service. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious model or serialized engine file with manipulated size/length fields and delivers it to a victim (e.g., via a shared model repository, email, or a compromised model-hub entry). When the victim loads the file into a TensorRT-based application, the parser overflows a heap buffer, corrupting memory and allowing the attacker to execute code in the context of the inference process. … |
| Remediation | Consult NVIDIA's advisory (a_id/5855) at https://nvidia.custhelp.com/app/answers/detail/a_id/5855 and upgrade TensorRT to the fixed release identified there; an exact fixed version is not present in the provided input, so treat the advisory as authoritative rather than assuming a version number. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit all systems running NVIDIA TensorRT, document deployed versions, and restrict local filesystem access to TensorRT processes and model directories to authorized personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Local code execution in NVIDIA TensorRT is possible when the library parses an attacker-supplied input (such as a crafte
Improper array index validation (CWE-129) in NVIDIA TensorRT allows an attacker to trigger out-of-bounds memory access t
NVIDIA TensorRT for contains a vulnerability where a user might cause a deserialization of untrusted data. A successful
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44489
GHSA-jp25-r59g-9p63