CVE-2026-24233

Severity CVSS v4.0:
Pending analysis
Type:
CWE-502 Deserialization of Untrusted Dat
Publication date:
14/07/2026
Last modified:
14/07/2026

Description

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization, where a local, unauthenticated attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.