Vulnerability  ·  2026-07-15

NVIDIA TensorRT-LLM — Multiple Deserialization, IPC, and Orchestrator Vulnerabilities

VulnerabilityHigh impactGlobalCVE-2026-24233
NVD published a cluster of TensorRT-LLM CVEs on 2026-07-14 covering insecure deserialization in model-weight loading, inter-process communication, tensor deserialization, and a disaggregated orchestrator component that allows unauthenticated read/write/delete of internal cluster state.
TensorRT-LLM is NVIDIA's flagship high-performance LLM inference stack used broadly in GPU-backed production AI serving; deserialization and orchestrator-state vulnerabilities in it threaten confidentiality, integrity, and availability of production model-serving clusters.
A local, unauthenticated attacker can trigger deserialization of untrusted data via the restricted unpickler used for model weight loading, potentially leading to code execution, privilege escalation, or DoS; sibling CVEs cover IPC-layer deserialization, tensor deserialization heap overflow, and unauthenticated read/write/delete of internal cluster state via the disaggregated orchestrator's FastAPI server.
NVIDIA TensorRT-LLM for Linux (restricted unpickler / model weight deserialization); related CVE-2026-47472 (IPC layer), CVE-2026-47471 (tensor deserialization heap overflow), CVE-2026-47473 (write-what-where), CVE-2026-24229 (disaggregated orchestrator FastAPI server)
Apply NVIDIA's TensorRT-LLM security updates per the NVIDIA security advisory referenced from the NVD entries; restrict local/same-user access to TRTLLM servers and disaggregated orchestrator endpoints.
NVD - CVE-2026-24233
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →