CVE-2026-24229

Summary

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIATensorRT-LLM0.0 <= v1.3.0 rc16affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

References