NVIDIA TensorRT Out-of-Bounds Write (CVE-2026-24188) Poses Data Tampering Risk
The National Vulnerability Database has disclosed CVE-2026-24188, a high-severity vulnerability (CVSS 8.2) impacting NVIDIA TensorRT. This flaw, categorized as an out-of-bounds write (CWE-787), allows an attacker to manipulate memory outside of allocated buffers. The immediate consequence of a successful exploit is data tampering, which can have significant integrity implications for systems relying on TensorRT.
While specific affected products beyond NVIDIA TensorRT are not detailed by the National Vulnerability Database, the nature of this vulnerability suggests a broad impact across environments leveraging this high-performance deep learning inference library. Defenders must recognize that data tampering, especially in AI/ML pipelines, can lead to model poisoning, incorrect inferences, or even provide a pivot for further system compromise.
CISOs need to identify all instances of NVIDIA TensorRT within their infrastructure, from development environments to production deployments. Prioritizing patching is critical. Given the lack of specificity on affected versions, a comprehensive audit and update strategy is warranted to mitigate the risk of attackers corrupting critical data or undermining the integrity of AI-driven processes.
What This Means For You
- If your organization uses NVIDIA TensorRT, you need to identify all deployments immediately. This out-of-bounds write (CVE-2026-24188) can lead directly to data tampering, compromising the integrity of your AI/ML models and data pipelines. Prioritize patching as soon as NVIDIA releases a fix.
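To support the inventory step above, the following added example (not from the original post or from NVIDIA) walks a directory tree and lists TensorRT shared libraries and pip packages with the version embedded in their names. The file-name patterns and the script name `find_tensorrt.py` are assumptions; because the advisory names no fixed version, the script only reports what it finds.

```python
import os
import re
import sys

# Name patterns are assumptions based on common TensorRT packaging: Linux
# shared objects (libnvinfer.so.8.6.1), Windows DLLs (nvinfer.dll,
# nvinfer_10.dll) and pip metadata directories (tensorrt-8.6.1.dist-info).
LIB_RE = re.compile(r"^libnvinfer\.so(?:\.(\d+(?:\.\d+)*))?$")
DLL_RE = re.compile(r"^nvinfer(?:_(\d+))?\.dll$", re.IGNORECASE)
WHEEL_RE = re.compile(r"^(tensorrt(?:_[a-z0-9]+)*)-(\d[^-]*)\.dist-info$", re.IGNORECASE)


def find_tensorrt(root):
    """Return sorted, de-duplicated (kind, name, version, path) tuples under root."""
    hits = set()
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames:
            m = WHEEL_RE.match(name)
            if m:  # pip-installed wheel, version taken from its metadata dir
                hits.add(("python-package", m.group(1).lower(), m.group(2),
                          os.path.join(dirpath, name)))
        for name in filenames:
            if not (LIB_RE.match(name) or DLL_RE.match(name)):
                continue
            # Follow symlinks (libnvinfer.so.8 -> libnvinfer.so.8.6.1) so each real
            # library is listed once, under its fully versioned file name.
            real = os.path.realpath(os.path.join(dirpath, name))
            base = os.path.basename(real)
            m = LIB_RE.match(base) or DLL_RE.match(base)
            version = m.group(1) if m and m.group(1) else "unknown"
            hits.add(("shared-library", base, version, real))
    return sorted(hits)


if __name__ == "__main__":
    # Usage (hypothetical script name): python find_tensorrt.py /usr /opt /home
    for scan_root in sys.argv[1:] or ["/"]:
        for kind, name, version, path in find_tensorrt(scan_root):
            print(f"{kind}\t{name}\t{version}\t{path}")
```

Run it on build hosts, container image root filesystems and inference servers, then compare the reported versions against NVIDIA's bulletin once fixed versions are published.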
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-24188 - NVIDIA TensorRT Out-of-Bounds Write
```yaml
title: CVE-2026-24188 - NVIDIA TensorRT Out-of-Bounds Write
id: scw-2026-05-20-ai-1
status: experimental
level: high
description: |
  This rule detects the execution of NVIDIA TensorRT processes with command-line arguments that suggest an attempt to exploit CVE-2026-24188. The vulnerability allows for an out-of-bounds write, potentially leading to data tampering. The presence of '--load-dynamic-library' or '--export-engine' in conjunction with TensorRT executables (like 'nvinfer') can indicate an exploit attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-05-20
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-24188/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: process_creation
detection:
  selection:
    Image|contains:
      - 'nvinfer'
    CommandLine|contains:
      - '--load-dynamic-library'
      - '--export-engine'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-24188 | Memory Corruption | NVIDIA TensorRT |
| CVE-2026-24188 | Out-of-bounds Write | Out-of-bounds write vulnerability in NVIDIA TensorRT |
| CVE-2026-24188 | Data Tampering | Successful exploit might lead to data tampering |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 20, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.