CVE-2026-24271: CWE-770 Allocation of Resources Without Limits or Throttling in NVIDIA TensorRT-LLM
NVIDIA TensorRT-LLM has a vulnerability in its OpenAI-compatible inference API that allows an attacker to cause allocation of GPU resources without any limits or throttling. This can lead to denial of service conditions. The vulnerability is identified as CWE-770 and affects version 0.0 of the product. The CVSS score is 6.2, indicating a medium severity level. No patch or official remediation has been announced yet.
AI Analysis
Technical Summary
CVE-2026-24271 is a resource allocation vulnerability in NVIDIA TensorRT-LLM's OpenAI-compatible inference API. The flaw allows an attacker to trigger unlimited GPU resource allocation without throttling, potentially causing denial of service. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling). It affects version 0.0 of TensorRT-LLM. There is no vendor advisory or patch available at this time, and no known exploits in the wild have been reported.
Potential Impact
Successful exploitation of this vulnerability can result in denial of service by exhausting GPU resources due to uncontrolled allocation. There is no impact on confidentiality or integrity reported. The attack vector requires local access (AV:L) with low complexity and no privileges or user interaction needed.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, monitor usage of the inference API and restrict access to trusted users to reduce risk of exploitation.
CVE-2026-24271: CWE-770 Allocation of Resources Without Limits or Throttling in NVIDIA TensorRT-LLM
Description
NVIDIA TensorRT-LLM has a vulnerability in its OpenAI-compatible inference API that allows an attacker to cause allocation of GPU resources without any limits or throttling. This can lead to denial of service conditions. The vulnerability is identified as CWE-770 and affects version 0.0 of the product. The CVSS score is 6.2, indicating a medium severity level. No patch or official remediation has been announced yet.
CVSS v3.1
Score 6.2medium
Affected software
pkg:github/nvidia/TensorRT-LLMRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-24271 is a resource allocation vulnerability in NVIDIA TensorRT-LLM's OpenAI-compatible inference API. The flaw allows an attacker to trigger unlimited GPU resource allocation without throttling, potentially causing denial of service. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling). It affects version 0.0 of TensorRT-LLM. There is no vendor advisory or patch available at this time, and no known exploits in the wild have been reported.
Potential Impact
Successful exploitation of this vulnerability can result in denial of service by exhausting GPU resources due to uncontrolled allocation. There is no impact on confidentiality or integrity reported. The attack vector requires local access (AV:L) with low complexity and no privileges or user interaction needed.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, monitor usage of the inference API and restrict access to trusted users to reduce risk of exploitation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- nvidia
- Date Reserved
- 2026-01-21T19:09:51.101Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a569d1c68715ace432809e5
Added to database: 07/14/2026, 20:33:32 UTC
Last enriched: 07/14/2026, 21:19:30 UTC
Last updated: 07/15/2026, 02:03:52 UTC
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.