diff --git a/pkgs/development/cuda-modules/packages/tensorrt.nix b/pkgs/development/cuda-modules/packages/tensorrt.nix
index 4bb18b625afc..db14dfca9a06 100644
--- a/pkgs/development/cuda-modules/packages/tensorrt.nix
+++ b/pkgs/development/cuda-modules/packages/tensorrt.nix
@@ -200,8 +200,14 @@ buildRedist (
 # the redistributables do. As such, we need to specify downloadPage manually.
 downloadPage = "https://developer.nvidia.com/downloads/compute/machine-learning/tensorrt";
 changelog = "https://docs.nvidia.com/deeplearning/tensorrt/latest/getting-started/release-notes.html#release-notes";
-
 license = _cuda.lib.licenses.tensorrt;
+
+ knownVulnerabilities =
+ # https://github.com/NixOS/nixpkgs/issues/522570
+ # https://nvidia.custhelp.com/app/answers/detail/a_id/5836
+ lib.optionals (lib.versionOlder finalAttrs.version "10.16.1") [
+ "CVE-2026-24188: OOB write"
+ ];
 };
 }
 )
diff --git a/pkgs/top-level/release-cuda.nix b/pkgs/top-level/release-cuda.nix
index f127fea62d18..b7111fedb63e 100644
--- a/pkgs/top-level/release-cuda.nix
+++ b/pkgs/top-level/release-cuda.nix
@@ -25,6 +25,9 @@ in
 nixpkgsArgs ? {
 config = {
 allowUnfreePredicate = cudaLib.allowUnfreeCudaPredicate;
+ # [CVE-2026-24188](https://github.com/NixOS/nixpkgs/issues/522570):
+ # OOB write
+ allowInsecurePredicate = p: lib.getName p == "tensorrt";
 "${variant}Support" = true;
 inHydra = true;
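Review bot: The entry `"CVE-2026-24188: OOB write"` is the text a user is shown when evaluation of an affected tensorrt is refused, and it names neither the release that resolves the issue nor the advisory. Since the guard is `lib.versionOlder finalAttrs.version "10.16.1"`, the string could say so, for example `"CVE-2026-24188: out-of-bounds write; update to TensorRT 10.16.1 or later"`, presuming 10.16.1 is the first fixed release as the guard implies. The two URL comments sit between `=` and the expression without saying why that version is the threshold; a comment such as `# 10.16.1 is the first release listed as fixed in the NVIDIA bulletin below` would help whoever next touches the bound. The enclosing attribute set starts above the hunk.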
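Review bot: `allowInsecurePredicate = p: lib.getName p == "tensorrt";` matches on the package name alone, so it waives every `knownVulnerabilities` entry on any tensorrt version, not only CVE-2026-24188. A later advisory added to tensorrt would then be accepted by this jobset without anyone deciding to accept it. Consider tying the exemption to the affected range, e.g. `allowInsecurePredicate = p: lib.getName p == "tensorrt" && lib.versionOlder (lib.getVersion p) "10.16.1";`, which at least keeps it from covering releases this CVE does not mark. The comment could also state the removal condition, e.g. `# Remove once no tensorrt older than 10.16.1 is packaged.` The predicate lives in the default value of `nixpkgsArgs`, whose definition continues outside the hunk.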