Listen to this Post
The vulnerability arises from a missing bounds check in TensorRT’s tensor processing routines during model optimization or execution. When parsing certain input parameters or malformed neural network configurations, the software fails to validate array indices or buffer limits before performing memory writes. This allows an attacker to write data beyond the allocated buffer boundary (CWE-787). The issue exists because of inadequate input validation within TensorRT’s internal memory management systems. The attack vector is network‑based (AV:N), requires low attack complexity (AC:L), no privileges (PR:N), and no user interaction (UI:N). The CVSS base score is 8.2, indicating a high‑risk vulnerability. Successful exploitation can overwrite adjacent memory structures, leading to corruption of legitimate data. This could allow an attacker to manipulate inference results, tamper with AI model outputs, or cause denial of service. The vulnerability is present in all TensorRT versions before 10.16.1. No public exploit code has been released, and the CISA KEV catalog does not list it. However, the high CVSS score and network exploitability demand urgent attention. Immediate remediation involves upgrading to TensorRT 10.16.1 or later, which introduces proper bounds checking.
dailycve form
Platform: NVIDIA TensorRT
Version: up to 10.16.0
Vulnerability: out-of-bounds write
Severity: High
date: 2026-05-20
Prediction: 2026-06-15
Analytics
What Undercode Say:
Check installed TensorRT version (Debian/Ubuntu)
dpkg -l | grep tensorrt | awk '{print $3}'
Check TensorRT version via pip
pip show tensorrt | grep Version
Quick vulnerable version check
trt_ver=$(pip show tensorrt 2>/dev/null | grep Version | awk '{print $2}')
if [[ "$trt_ver" < "10.16.1" ]]; then
echo "CVE-2026-24188: Vulnerable"
else
echo "CVE-2026-24188: Not vulnerable"
fi
Exploit:
No public exploit exists. A theoretical attack would involve feeding a specially crafted ONNX model or TensorRT engine file that triggers the out‑of‑bounds write during model parsing or execution. The attacker would need network access to the TensorRT service or the ability to supply malicious input to an application that uses TensorRT.
Protection from this CVE
- Upgrade to NVIDIA TensorRT version 10.16.1 or later.
- If upgrading is not immediately possible, restrict network access to TensorRT‑enabled services.
- Monitor system logs for unexpected memory access violations or application crashes.
- Validate integrity of TensorRT inputs using strict input sanitization.
Impact:
Successful exploitation leads to data tampering, which can alter AI inference results. In critical environments (e.g., medical diagnostics, autonomous systems, financial trading), this could cause incorrect decisions, compliance violations, or system compromise. The vulnerability has a high integrity impact (I:H) and low availability impact (A:L).
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

