CVE-2026-54232— vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-54232
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile
Source: NVD (National Vulnerability Database)
Vulnerability Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index (flashinfer.ai/whl/) using --extra-index-url, but the package name was not registered on PyPI, and UV_INDEX_STRATEGY="unsafe-best-match" is set globally. An attacker who registers flashinfer-jit-cache on PyPI with version 0.6.11.post2 can execute arbitrary code as root during the Docker build and backdoor every resulting container image, enabling exfiltration of all user prompts, API credentials, and model data from production vLLM deployments This vulnerability is fixed in 0.22.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对搜索路径元素未加控制
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| vllm-project | vllm | < 0.22.1 | - |
II. Public POCs for CVE-2026-54232
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-54232
请登录查看更多情报信息。
Other References for CVE-2026-54232 (1)
Same Patch Batch · vllm-project · 2026-06-22 · 8 CVEs total
| CVE-2026-48746 | 9.1 CRITICAL | vLLM: OpenAI auth bypass |
| CVE-2026-41523 | 7.5 HIGH | vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arb |
| CVE-2026-47155 | 6.5 MEDIUM | vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, |
| CVE-2026-54233 | 6.5 MEDIUM | vLLM: OOM Denial of Service via Audio Decompression Bomb |
| CVE-2026-54236 | 5.3 MEDIUM | vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router |
| CVE-2026-53923 | vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overfl | |
| CVE-2026-54235 | vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kern |
IV. Related Vulnerabilities
Same product: vllm
- CVE-2026-47155
vLLM: Artifact Pin Decay in vLLM allows pinned deployments t - CVE-2026-41523
vLLM: Security Check Bypass via assert Statement in Activati - CVE-2026-54233
vLLM: OOM Denial of Service via Audio Decompression Bomb - CVE-2026-54236
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses - CVE-2026-54235
vLLM: temperature=NaN and temperature=Infinity bypass valida
Same vendor: vllm-project
- CVE-2026-47155
vLLM: Artifact Pin Decay in vLLM allows pinned deployments t - CVE-2026-41523
vLLM: Security Check Bypass via assert Statement in Activati - CVE-2026-54233
vLLM: OOM Denial of Service via Audio Decompression Bomb - CVE-2026-54236
vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses - CVE-2026-54235
vLLM: temperature=NaN and temperature=Infinity bypass valida
Same weakness: CWE-427
- CVE-2025-13162
Advant Master Online Builder DLL vulnerability - CVE-2026-6645
Insecure Search Path Vulnerability in PaperCut Print Deploy - CVE-2026-11958
Local privilege escalation in ANSSI’s DFIR-ORC - CVE-2026-12003
CPython >3.11 Insecure Input Validation resulting in privile - CVE-2024-22451
Dell Peripheral Manager 权限许可和访问控制问题漏洞
V. Comments for CVE-2026-54232
No comments yet