Cyber Resilience

CVE-2026-24188

High

Published: 20 May 2026

Published
20 May 2026
Modified
22 May 2026
KEV Added
Patch
CVSS Score v3.1 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
EPSS Score 0.0038 29.6th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-24188 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Nvidia Tensorrt. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data Manipulation (T1565); ranked at the 29.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as Deep Learning Frameworks; in the Other ATLAS/OWASP Terms risk domain.

EU & UK References

Vulnerability details

NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to data tampering.

CWE(s)

AI Security AnalysisAI

AI Category
Deep Learning Frameworks
Risk Domain
Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: tensorrt

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1565 Data Manipulation Impact
Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
T1565.003 Runtime Data Manipulation Impact
Adversaries may modify systems in order to manipulate the data as it is accessed and displayed to an end user, thus threatening the integrity of the data.
Why these techniques?

Out-of-bounds write directly enables stored/runtime data manipulation (tampering) as stated in the impact description.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-24193Same vendor: Nvidia
CVE-2025-33223Same vendor: Nvidia
CVE-2025-33239Same vendor: Nvidia
CVE-2026-24151Same vendor: Nvidia
CVE-2026-24195Same vendor: Nvidia
CVE-2025-33253Same vendor: Nvidia
CVE-2025-33249Same vendor: Nvidia
CVE-2026-24154Same vendor: Nvidia
CVE-2025-33181Same vendor: Nvidia
CVE-2026-24241Same vendor: Nvidia

Affected Assets

nvidia
tensorrt
≤ 10.16.1

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References