CVE-2026-27893— vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

CVSS 8.8 · High EPSS 0.03% · P11 Updated Mar 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-27893

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

Source: NVD (National Vulnerability Database)

Vulnerability Description

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode `trust_remote_code=True` when loading sub-components, bypassing the user's explicit `--trust-remote-code=False` security opt-out. This enables remote code execution via malicious model repositories even when the user has explicitly disabled remote code trust. Version 0.18.0 patches the issue.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

保护机制失效

Source: NVD (National Vulnerability Database)

Vulnerability Title

vLLM 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.10.1至0.18.0之前版本存在安全漏洞，该漏洞源于两个模型实现文件硬编码trust_remote_code=True，可能导致远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
vllm-project	vllm	>= 0.10.1, < 0.18.0	-

II. Public POCs for CVE-2026-27893

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

Qwen3.6-35B-A3B · 6977 chars

Paid plan includes:

In-depth vulnerability mechanism

Trigger conditions & impact

Full executable POC code

Exploit chain & mitigation

POC zip download

100+ AI POC generations per month

Upgrade Pro to unlock ¥99/month Sign up first

III. Intelligence Information for CVE-2026-27893

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: vllm

Same vendor: vllm-project

Same weakness: CWE-693

V. Comments for CVE-2026-27893

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-27893— vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out

I. Basic Information for CVE-2026-27893

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2026-27893

III. Intelligence Information for CVE-2026-27893

IV. Related Vulnerabilities

V. Comments for CVE-2026-27893

Leave a comment