CVE-2026-24233
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| NVIDIA | TensorRT-LLM | 0.0 <= v1.3.0 rc14 | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.