CVE-2026-24160
Published: 20 May 2026
Summary
CVE-2026-24160 is a medium-severity Unchecked Return Value to NULL Pointer Dereference (CWE-690) vulnerability in Nvidia Tensorrt Llm. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 33.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as NLP and Transformers; in the Other ATLAS/OWASP Terms risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-31058
Vulnerability details
NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
- CWE(s)
AI Security AnalysisAI
- AI Category
- NLP and Transformers
- Risk Domain
- Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llm
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null pointer dereference enables direct application exploitation for endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.