CVE-2026-47470 in TensorRT-LLM
Summary
by MITRE • 07/15/2026
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 07/15/2026
The vulnerability identified in NVIDIA TensorRT-LLM affects the gRPC server chat API endpoint across all supported platforms, presenting a significant security risk that stems from improper input validation mechanisms. This flaw falls under CWE-20, which represents "Improper Input Validation" and is categorized as a fundamental weakness in software design that allows malicious inputs to bypass security checks. The vulnerability specifically manifests within the gRPC server implementation where the chat API endpoint fails to adequately validate incoming requests, creating an opportunity for attackers to manipulate the system through carefully crafted inputs.
The technical nature of this vulnerability enables local attackers to exploit the system by sending malformed or unexpected data to the gRPC chat API endpoint, which then processes these inputs without sufficient sanitization or validation controls. This processing failure creates a pathway for attackers to trigger unintended behavior within the TensorRT-LLM service, potentially leading to system instability and operational disruption. The attack vector is classified as local since it requires an attacker with access to the same system or network segment where the vulnerable service operates, making it particularly concerning for environments where multiple users or processes share the same infrastructure.
From an operational impact perspective, successful exploitation of this vulnerability could result in denial of service conditions that severely compromise the availability and reliability of the TensorRT-LLM service. The denial of service attack would prevent legitimate users from accessing the chat functionality, effectively rendering the API endpoint unusable for its intended purpose. This type of attack can have cascading effects on applications that depend on the TensorRT-LLM service for inference tasks, potentially causing broader system failures or requiring manual intervention to restore service availability.
The vulnerability aligns with ATT&CK technique T1499.004 which covers "Endpoint Denial of Service" and represents a classic example of how input validation flaws can be weaponized to disrupt service availability. Organizations utilizing NVIDIA TensorRT-LLM in production environments face increased risk exposure, particularly in scenarios where the service operates without proper network segmentation or additional protective measures. The local attack requirement means that while the vulnerability is not directly exploitable from external networks, it remains a serious concern for internal threat actors or compromised user accounts that could potentially leverage this weakness to disrupt system operations.
Mitigation strategies should focus on implementing comprehensive input validation mechanisms within the gRPC server implementation, including strict parameter validation, rate limiting controls, and enhanced error handling procedures. Organizations should also consider deploying network segmentation measures to limit local access to vulnerable systems and implement monitoring solutions that can detect anomalous API behavior patterns. Additionally, applying timely patches from NVIDIA and maintaining updated security configurations will help address this vulnerability while following industry best practices for secure software development. The remediation process should include thorough testing of input validation controls to ensure they properly handle edge cases and prevent the exploitation vectors that lead to denial of service conditions.
This vulnerability demonstrates the critical importance of proper input validation in distributed computing environments, particularly when dealing with high-performance inference frameworks like TensorRT-LLM that are increasingly deployed in production systems. The combination of local attack accessibility and potential denial of service impact makes this a priority for immediate remediation, as it represents a straightforward path for attackers to disrupt critical AI inference services without requiring sophisticated exploitation techniques or extensive reconnaissance efforts.