PatchSiren cyber security CVE debrief
CVE-2026-24188 NVIDIA CVE debrief
CVE-2026-24188 describes an out-of-bounds write in NVIDIA TensorRT. According to the published CVE record, a successful exploit could lead to data tampering. The CVSS vector indicates network-based, low-complexity exploitation with no privileges or user interaction required, making this a high-priority integrity issue for environments that deploy TensorRT.
- Vendor: NVIDIA
- Product: TensorRT
- CVSS: HIGH 8.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-20
- Original CVE updated: 2026-05-21
- Advisory published: 2026-05-20
- Advisory updated: 2026-05-21
Who should care
Security teams, platform owners, and ML/AI infrastructure operators who deploy or distribute NVIDIA TensorRT should care most. Systems that process untrusted models, inputs, or inference workloads should treat this as a priority because the issue can be triggered remotely and may alter data integrity.
Technical summary
The CVE record identifies CWE-787 (out-of-bounds write) and a CVSS v3.1 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L. That combination suggests a remotely reachable flaw with integrity impact as the primary concern and some availability impact. The supplied references point to NVIDIA PSIRT and the NVD entry, but the corpus does not include remediation details or affected version ranges.
Defensive priority
High. The published CVSS score is 8.2 and the attack vector requires no privileges or user interaction. Because the stated impact includes data tampering, organizations using TensorRT should prioritize exposure assessment and patch validation as soon as vendor guidance is available.
Recommended defensive actions
- Review the NVIDIA PSIRT advisory linked from the CVE record and identify whether any deployed TensorRT versions are affected.
- Inventory systems, containers, and pipelines that include TensorRT, especially those processing untrusted or externally sourced model artifacts.
- Apply vendor-provided fixes or mitigations as soon as they are available, and verify the updated version in build and runtime environments.
- Use integrity monitoring and change detection around ML inference assets and outputs where TensorRT is deployed.
- Restrict exposure of TensorRT-backed services to trusted network paths until remediation is complete.
- Track the NVD record and the NVIDIA reference for any updates to affected versions, workaround guidance, or release timelines.
Evidence notes
The debrief is based only on the supplied CVE record and official references. The source corpus states: NVIDIA TensorRT is affected; the weakness is CWE-787; the CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L; and the likely impact is data tampering. The vendor mapping in the prompt is low-confidence/needs review, so the product attribution is treated as evidence-backed but limited to the provided description and references.
Official resources
- CVE-2026-24188 CVE record (CVE.org)
- CVE-2026-24188 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
Published and modified on 2026-05-20T20:16:36.203Z in the supplied CVE timeline. The record references NVIDIA PSIRT and official CVE/NVD sources; no exploit details or remediation specifics were included in the corpus.