CVE-2026-24233

Summary

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.

Affected Software

VendorProductVersion RangeStatus
NVIDIATensorRT-LLM0.0 <= v1.3.0 rc14affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

References