Unsafe Deserialization Vulnerability in NVIDIA TensorRT-LLM
CVE-2026-24220

6.4MEDIUM

Key Information:

Vendor

Nvidia

Vendor
CVE Published:
14 July 2026

What is CVE-2026-24220?

NVIDIA TensorRT-LLM for any platform is exposed to a vulnerability in its visual gen server component, allowing an attacker to exploit unauthorized zeroMQ deserialization. This security flaw could potentially lead to arbitrary code execution if successfully exploited, posing significant risks to systems utilizing the affected products. It is essential for users to review their configurations and apply necessary patches to mitigate this risk.

Affected Version(s)

TensorRT-LLM 0.0

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.