NVIDIA TensorRT CVE-2026-24188

- NVIDIA published a security bulletin on May 19 for TensorRT, disclosing CVE-2026-24188, a high-severity out-of-bounds write affecting versions before 10.16.1. (nvidia.com)
- NVD lists the flaw as CVSS 7.5 from NIST and 8.2 from NVIDIA, with the vendor saying successful exploitation could lead to data tampering. (nvd.nist.gov)
- NVIDIA’s Product Security page lists bulletin 5836 for TensorRT, and the latest TensorRT documentation points users to version 10.16.1. (nvidia.com)

NVIDIA disclosed a high-severity security flaw in TensorRT on May 19, adding another patch item for companies running AI inference infrastructure in production. The issue, tracked as CVE-2026-24188, is an out-of-bounds write in TensorRT, NVIDIA’s software development kit for optimizing and accelerating deep learning inference on NVIDIA GPUs. (nvidia.com) The National Vulnerability Database says the bug could let an attacker cause an out-of-bounds write, while NVIDIA says successful exploitation could lead to data tampering. (nvd.nist.gov) The affected software range listed by NVD covers TensorRT releases up to, but excluding, 10.16.1.

### Which TensorRT deployments are in scope here?

NVIDIA’s documentation describes TensorRT as an SDK used to optimize trained models from frameworks such as PyTorch, TensorFlow and ONNX for high-performance deployment on NVIDIA GPUs. That makes the bug relevant to operators using TensorRT as part of model-serving stacks, batch inference systems or embedded inference pipelines rather than only to developers testing models on workstations.

NVD lists the affected software as NVIDIA TensorRT versions before 10.16.1. NVIDIA’s Product Security page shows the vendor published “NVIDIA TensorRT - May 2026,” bulletin 5836, on May 19 and tagged CVE-2026-24188 as high severity. (nvd.nist.gov)

### What do NVIDIA and NIST say the flaw can do?

NVD’s description says “an attacker could cause an out-of-bounds write,” and that the result might lead to data tampering. The same NVD entry shows a CVSS 3.1 base score of 7.5 from NIST and 8.2 from NVIDIA, reflecting different assessments of the bug’s potential impact. (docs.nvidia.com)

NVD maps the issue to CWE-787, the standard weakness category for out-of-bounds write flaws. In practice, that class of bug is associated with memory corruption risks, and operators typically treat it as a runtime integrity issue because it can affect process stability and correctness even when no public exploitation details are available. (nvd.nist.gov) That characterization here is an inference based on the weakness type and the vendor and NVD descriptions.

### Why does this matter beyond a single library update?

TensorRT sits in the inference path, not at the edge of a typical enterprise desktop fleet. (nvd.nist.gov) That means the operational question is less about end-user exposure and more about what depends on the runtime: model-serving containers, GPU nodes, orchestration images and the observability around inference crashes or anomalous behavior. NVIDIA’s own documentation positions TensorRT as a deployment component for production inference, including support for transformer and large language model workloads.

NVIDIA published a separate May 2026 bulletin for Triton Inference Server on the same Product Security page, underscoring that inference infrastructure is being patched across multiple layers. (nvd.nist.gov) Teams that run Triton with TensorRT-backed workloads would typically need to check both the serving layer and the runtime layer during remediation. That linkage is an operational inference from NVIDIA’s bulletin listings, not a statement by the company that the two issues are directly related.

### What should operators check first?

Version 10.16.1 is the first release NVD does not mark as vulnerable, and NVIDIA’s latest TensorRT documentation highlights 10.16.1 as the current release. (docs.nvidia.com) Operators usually start by identifying where TensorRT is installed directly, bundled into containers, or pulled in through inference images and platform dependencies.

NVIDIA’s Product Security page says customers should follow the guidance in its bulletins regarding software package updates or specified mitigations, and it offers subscription notifications for bulletin releases and revisions. (nvidia.com) The next concrete step for users is bulletin 5836 on NVIDIA’s Product Security site and the corresponding upgrade path to 10.16.1 or later in TensorRT release documentation. (nvd.nist.gov)
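
One way to run the inventory check described under "What should operators check first?", as an added example that is not from NVIDIA or the original article: it scans package listings (`pip freeze` or `dpkg-query -W` output collected from hosts and images) and flags TensorRT packages below 10.16.1. The package-name patterns and the sample listing are assumptions made for illustration.

```python
import re

FIXED = (10, 16, 1)  # first release NVD does not mark as vulnerable, per the page

# Assumed packaging: pip wheels named tensorrt*, Debian packages named libnvinfer*.
# tensorrt_llm is excluded because it uses its own version numbering.
NAME_RE = re.compile(r"^(tensorrt(?![-_]llm)|libnvinfer|python3-libnvinfer)", re.I)
# Accepts "name==version" (pip freeze) or "name<whitespace>version" (dpkg-query -W).
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_.+:-]+?)(?:==|\s+)(\S+)\s*$")

# Constructed sample inventory; versions and build suffixes are illustrative only.
SAMPLE = """\
numpy==1.26.4
tensorrt==10.9.0.34
tensorrt-cu12-libs==10.16.1.11
tensorrt_llm==0.17.0
libnvinfer10\t10.3.0.26-1+cuda12.5
libnvinfer-dev\t10.16.1.11-1+cuda12.9
onnx==1.16.0
"""

def version_tuple(raw):
    """Leading numeric components: '10.3.0.26-1+cuda12.5' -> (10, 3, 0, 26)."""
    m = re.match(r"(?:\d+:)?(\d+(?:\.\d+)*)", raw)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_affected(raw):
    """True if below FIXED, False if at or above it, None if unparseable."""
    v = version_tuple(raw)
    if v is None:
        return None  # surface for manual review rather than guessing
    return (v + (0, 0, 0))[:3] < FIXED

def scan(inventory_text):
    """Return (package, version, affected) for every TensorRT-looking line."""
    findings = []
    for line in inventory_text.splitlines():
        m = LINE_RE.match(line)
        if m and NAME_RE.match(m.group(1)):
            findings.append((m.group(1), m.group(2), is_affected(m.group(2))))
    return findings

if __name__ == "__main__":
    for name, ver, affected in scan(SAMPLE):
        print(f"{name:22} {ver:26} {'UPGRADE' if affected else 'ok'}")
```

A package listing only shows what the package manager knows about; TensorRT libraries copied into an image outside pip or dpkg will not appear and need a separate file-level check.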
