CVE-2026-24229 in TensorRT-LLMinfo

Summary

by MITRE • 07/15/2026

NVIDIA TensorRT-LLM for Linux contains a vulnerability in the disaggregated orchestrator component, where an attacker could read, write, or delete internal cluster state by sending requests to the FastAPI server. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and denial of service.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/15/2026

The vulnerability identified in NVIDIA TensorRT-LLM for Linux resides within its disaggregated orchestrator component, specifically exposing a critical security flaw in the FastAPI server implementation that governs cluster state management operations. This issue represents a significant concern for organizations deploying AI inference workloads in distributed environments where cluster orchestration and state persistence are paramount to system integrity. The vulnerability stems from insufficient access controls and authentication mechanisms within the FastAPI server interface, allowing unauthorized actors to perform privileged operations against internal cluster state data through crafted API requests.

The technical nature of this flaw aligns with CWE-284 Access Control Issues, where improper access control allows attackers to bypass intended security restrictions and gain unauthorized access to system resources. The vulnerability manifests when an attacker can send malicious requests to the FastAPI server endpoint responsible for managing cluster state information, effectively enabling them to read sensitive internal data structures, modify critical configuration parameters, or delete essential cluster metadata. This represents a direct violation of the principle of least privilege and demonstrates inadequate input validation and authentication mechanisms within the orchestrator's API layer.

The operational impact of this vulnerability extends beyond simple unauthorized access, creating potential for cascading failures throughout the distributed inference system. An attacker who successfully exploits this weakness could compromise the integrity of cluster state information, leading to data tampering that might cause inference workloads to fail or produce incorrect results. The ability to delete internal cluster state information creates a denial of service scenario where legitimate users cannot access or utilize the AI inference services. Additionally, information disclosure through read operations could expose sensitive configuration details, model parameters, or system architecture elements that would aid in planning further attacks against the broader infrastructure.

Security professionals should consider this vulnerability in the context of ATT&CK technique T1566 Credential Access and T1485 Data Manipulation, where attackers can leverage weak API security controls to gain unauthorized access and manipulate system state. The attack surface is particularly concerning for organizations using NVIDIA TensorRT-LLM in production environments where multiple AI workloads depend on consistent cluster state management. Organizations should prioritize immediate remediation efforts including implementing proper authentication mechanisms, enforcing strict access controls, and conducting comprehensive security reviews of all API endpoints within the disaggregated orchestrator component.

Mitigation strategies should include deploying robust authentication protocols such as OAuth2 or JWT tokens for API access, implementing rate limiting to prevent abuse of the FastAPI server endpoints, and conducting regular penetration testing to identify potential unauthorized access vectors. Network segmentation and firewall rules should be configured to restrict direct access to the FastAPI server from untrusted networks, while also implementing comprehensive logging and monitoring of all API access attempts to detect suspicious activities. Organizations should also consider applying the principle of defense in depth by implementing additional security controls such as API gateways with built-in security features and regular security updates to address known vulnerabilities in the underlying FastAPI framework components.

Responsible

Nvidia

Reservation

01/21/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!