CVE-2026-24229

Severity CVSS v4.0:
Pending analysis
Type:
CWE-306 Missing Authentication for Critical Function
Publication date:
14/07/2026
Last modified:
14/07/2026

Description

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.