CVE-2026-47472 in TensorRT-LLMinfo

Summary

by MITRE • 07/15/2026

NVIDIA TensorRT-LLM contains a vulnerability in its inter-process communication layer where an attacker with local same-user access could cause deserialization. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, and denial of service.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/15/2026

The vulnerability in NVIDIA TensorRT-LLM resides within its inter-process communication infrastructure, representing a critical security flaw that arises from improper handling of serialized data during cross-process operations. This weakness specifically affects systems where multiple processes communicate through shared memory or socket-based mechanisms, creating an attack surface that can be exploited by adversaries with local access to the same user account. The vulnerability manifests as a deserialization issue that occurs when the communication layer fails to properly validate or sanitize incoming data structures before processing them within the target process context.

The technical implementation of this flaw stems from inadequate input validation mechanisms within the IPC subsystem, where serialized objects are directly consumed without sufficient security checks or sanitization procedures. When an attacker crafts malicious serialized data and injects it into the communication channel, the deserialization process executes arbitrary code within the privileges of the target process. This type of vulnerability aligns with CWE-502 which categorizes unsafe deserialization as a significant threat vector in software systems, particularly when dealing with inter-process communication protocols that rely on object serialization for data exchange. The attack pattern follows established methodologies described in ATT&CK technique T1059.007 for command and scripting interpreter execution through deserialization attacks.

The operational impact of this vulnerability extends beyond simple code execution to encompass multiple security implications including information disclosure, data tampering, and potential denial of service conditions. An attacker could leverage this weakness to extract sensitive configuration data, credentials, or model parameters stored within the process memory space, while simultaneously corrupting system state through malicious data injection. The privilege escalation aspect of this vulnerability is particularly concerning as it allows local attackers to execute code with the same privileges as legitimate processes, potentially enabling further lateral movement within the system or access to restricted resources. This type of vulnerability creates a persistent threat vector that can be exploited repeatedly and often remains undetected for extended periods.

Mitigation strategies should focus on implementing robust input validation and sanitization procedures within the IPC layer, utilizing secure deserialization practices that prevent arbitrary code execution during object reconstruction. Organizations should consider employing sandboxing mechanisms to isolate communication components, implementing strict access controls for IPC resources, and regularly updating TensorRT-LLM installations to address known vulnerabilities. Security monitoring should include detection of anomalous deserialization patterns and suspicious process behavior within the communication layer. Additionally, developers should implement proper error handling and logging mechanisms that can identify when malicious data attempts to traverse the IPC boundaries, providing early warning capabilities for potential exploitation attempts. The remediation approach must align with industry best practices for secure coding and follow established guidelines from both CWE and ATT&CK frameworks to ensure comprehensive protection against similar vulnerabilities in future implementations.

Responsible

Nvidia

Reservation

05/19/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Interested in the pricing of exploits?

See the underground prices here!