NVIDIA TRT-LLM deserialization vulnerability enabling code exec: CVE-2026-24142 May 2026

NVIDIA TRT-LLM for any platform contains a deserialization vulnerability and unsafe serialized handle. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure.

Vulnerability Analysis

CVE-2026-24142 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-24142 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

NVIDIA TRT-LLM deserialization vulnerability enabling code exec
CVE-2026-24142 Published on May 20, 2026

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Affected Versions

NVIDIA TRT-LLM deserialization vulnerability enabling code execCVE-2026-24142 Published on May 20, 2026

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Affected Versions

NVIDIA TRT-LLM deserialization vulnerability enabling code exec
CVE-2026-24142 Published on May 20, 2026