{"data":{"id":"06a7b978-c8bf-4bfa-bf8d-930b335a0902","title":"CVE-2026-24233: NVIDIA TensorRT-LLM for Linux contains a vulnerability in the restricted unpickler used for model weight deserialization","summary":"NVIDIA TensorRT-LLM for Linux has a vulnerability in its unpickler (a tool that converts serialized data back into usable objects) that allows local attackers to deserialize untrusted data. A successful attack could lead to code execution, privilege escalation, data tampering, and information disclosure.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-24233","publishedAt":"2026-07-14T21:16:44.187Z","cveId":"CVE-2026-24233","cweIds":["CWE-502"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["NVIDIA TensorRT-LLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"local","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-14T21:16:44.187Z","capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"model","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}