CVE-2026-24163

NVIDIA · TRT-LLM

NVIDIA TRT-LLM contains an unsafe deserialization vulnerability in its RPC testing components, posing a risk of remote code execution.

Executive summary

An unsafe deserialization vulnerability in NVIDIA TRT-LLM's RPC testing functionality could allow attackers to execute arbitrary code on the affected platform.

Vulnerability

This vulnerability is an unsafe deserialization flaw found within the Remote Procedure Call (RPC) testing component. By sending specially crafted data, an attacker may trigger this flaw to achieve unauthorized execution of code.

Business impact

Unsafe deserialization is a severe vulnerability that can lead to remote code execution (RCE) and total system compromise. With a CVSS score of 7.5, the potential for an attacker to gain control over the underlying infrastructure necessitates immediate attention to prevent operational disruption and data breach.

Remediation

Immediate Action: Apply the latest security updates provided by NVIDIA for the TRT-LLM platform to address the deserialization risk.

Proactive Monitoring: Monitor system performance and RPC traffic for unusual activity or unexpected process execution that might indicate a deserialization attempt.

Compensating Controls: Ensure that the RPC interface is not exposed to untrusted networks and utilize network segmentation to limit the impact of a potential compromise.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the potential for remote code execution, this vulnerability represents a significant threat to the security of any platform running NVIDIA TRT-LLM. Security teams must prioritize updating the software and restricting access to RPC interfaces to neutralize the threat effectively.