CVE-2026-24142
MEDIUM 6.3NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.
NO EXPLOITATION SIGNALS
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.4%chance of exploitation in 30 days · 30th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
6.3CVSS 3.1 · MEDIUM
- ConfidentialityLow
- IntegrityLow
- AvailabilityLow
What an attacker needs
- ⚠Access: Requires local access to the host
- ⚠Privileges: Requires a low-privilege account
- ✓User interaction: No user interaction needed
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-502: Deserialization of untrusted data
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L