
vLLM — Vulnerabilities & Security Advisories (45)

All 45 CVE vulnerabilities found in vLLM, with AI-generated Chinese analysis, references, and POCs.

This page aggregates the CVE records published for vLLM, the open-source LLM inference and serving engine maintained by the vllm-project community, from its first disclosed issue to the most recent. Each entry carries the CVE ID, a title, the CWE weakness class assigned to it, the CVSS score and severity where one has been published, and the publication date. With that, operators can track the advisories issued by the vLLM team, see which weakness classes recur (unvalidated input and unbounded resource consumption, server-side request forgery, dynamic code and configuration loading), and review the project's vulnerability history to judge how its security posture is trending.

vLLM is widely deployed for high-throughput, memory-efficient LLM serving, and its attack surface is correspondingly broad: the OpenAI-compatible HTTP API and its authentication, the multimodal image, audio and video decoders, model and configuration loading, and custom GPU kernels and memory management. The consequences recorded below include arbitrary code execution, denial of service, server-side request forgery and information disclosure. Two caveats for anyone using this list for triage: a "-" in the CVSS or Severity column means no score has been published yet, not that the issue is low risk; and CVSS base scores do not account for your deployment, so an unauthenticated, internet-exposed server should rank the denial-of-service and authentication entries above what the base score alone suggests.

The data is compiled from the project's official release notes and security advisories, community reports, and automated scanning results, and is meant as a single reference for security researchers, administrators and developers who run vLLM in production, to inform patching priorities and hardening of the inference server. Entries are listed newest first.

Vendor: vllm-project

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-47155 | vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors | CWE-345 | 6.5 | Medium | 2026-06-22 |
| CVE-2026-41523 | vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution | CWE-94 | 7.5 | High | 2026-06-22 |
| CVE-2026-54232 | vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile | CWE-427 | 8.8 | High | 2026-06-22 |
| CVE-2026-54233 | vLLM: OOM Denial of Service via Audio Decompression Bomb | CWE-409 | 6.5 | Medium | 2026-06-22 |
| CVE-2026-54236 | vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router | CWE-532 | 5.3 | Medium | 2026-06-22 |
| CVE-2026-54235 | vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels | CWE-1287 | - | - | 2026-06-22 |
| CVE-2026-48746 | vLLM: OpenAI auth bypass | CWE-444 | 9.1 | Critical | 2026-06-22 |
| CVE-2026-53923 | vLLM GGUF Kernels: int64_t to int truncation of tensor dimensions causes GPU buffer overflow | CWE-681 | - | - | 2026-06-22 |
| CVE-2026-56340 | vLLM - Denial of Service via Unvalidated Multimodal Embeddings | CWE-20 | 8.8 | High | 2026-06-20 |
| CVE-2025-71379 | vllm - Regular Expression Denial of Service in Multiple Components | CWE-1333 | 4.3 | Medium | 2026-06-20 |
| CVE-2026-9540 | vllm-project vllm OpenAI-compatible Serving Path denial of service | CWE-404 | 5.3 | Medium | 2026-05-26 |
| CVE-2026-44223 | vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters | CWE-131 | 6.5 | Medium | 2026-05-12 |
| CVE-2026-44222 | vLLM: Remote DoS via Special-Token Placeholders | CWE-129 | 6.5 | Medium | 2026-05-12 |
| CVE-2026-7141 | vllm KV Block kv_cache_interface.py has_mamba_layers uninitialized resource | CWE-908 | 5.6 | Medium | 2026-04-27 |
| CVE-2026-34756 | vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server | CWE-770 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34755 | vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing | CWE-770 | 6.5 | Medium | 2026-04-06 |
| CVE-2026-34753 | vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url` | CWE-918 | 5.4 | Medium | 2026-04-06 |
| CVE-2026-34760 | vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models | CWE-20 | 5.9 | Medium | 2026-04-02 |
| CVE-2026-27893 | vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out | CWE-693 | 8.8 | High | 2026-03-26 |
| CVE-2026-25960 | SSRF Protection Bypass in vLLM | CWE-918 | 7.1 | High | 2026-03-09 |
| CVE-2026-22778 | vLLM leaks a heap address when PIL throws an error | CWE-532 | 9.8 | Critical | 2026-02-02 |
| CVE-2026-24779 | vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` | CWE-918 | 7.1 | High | 2026-01-27 |
| CVE-2026-22807 | vLLM affected by RCE via auto_map dynamic module loading during model initialization | CWE-94 | 8.8 | High | 2026-01-21 |
| CVE-2026-22773 | vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions | CWE-770 | 6.5 | Medium | 2026-01-10 |
| CVE-2025-66448 | vLLM vulnerable to remote code execution via transformers_utils/get_config | CWE-94 | 7.1 | High | 2025-12-01 |
| CVE-2025-62372 | vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs | CWE-129 | 7.5 | - | 2025-11-21 |
| CVE-2025-62426 | vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs` | CWE-770 | 6.5 | Medium | 2025-11-21 |
| CVE-2025-62164 | VLLM deserialization vulnerability leading to DoS and potential RCE | CWE-20 | 8.8 | High | 2025-11-21 |
| CVE-2025-59425 | vLLM vulnerable to timing attack at bearer auth | CWE-385 | 7.5 | High | 2025-10-07 |
| CVE-2025-48956 | vLLM API endpoints vulnerable to Denial of Service Attacks | CWE-400 | 7.5 | High | 2025-08-21 |
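A practitioner tracking this list usually wants it in machine-readable form so it can be grouped by weakness class and compared against a deployed version. The Python script below is an added example, not code from the vLLM project or from this page. It parses the raw one-line rows of the advisory table as exported (`CVE-ID Title CWE-N score Severity date`, with the severity label and date sometimes fused and `--` standing for an entry with no score), derives a CVSS v3 severity band where the page gives a score but no label, summarizes the entries per CWE, and separates entries to patch first from unscored entries that still need a manual look. The eight sample rows are copied from the table above; the regular expression, the `Advisory` class, the helper names and the 7.0 triage threshold are this example's own choices.

```python
"""Parse and triage raw rows of a vLLM CVE advisory table.
Added example; not code from the vLLM project or this page. Each input row is
the flattened one-line export form: <CVE ID> <Title> <CWE-N> <score> <Severity><date>
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample input: eight rows copied from the table on this page.
SAMPLE_ROWS = [
    "CVE-2026-54232 vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile CWE-427 8.8 High2026-06-22",
    "CVE-2026-54235 vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels CWE-1287--2026-06-22",
    "CVE-2026-48746 vLLM: OpenAI auth bypass CWE-444 9.1 Critical2026-06-22",
    "CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url` CWE-918 5.4 Medium2026-04-06",
    "CVE-2026-25960 SSRF Protection Bypass in vLLM CWE-918 7.1 High2026-03-09",
    "CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector` CWE-918 7.1 High2026-01-27",
    "CVE-2025-62372 vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs CWE-129 7.5 -2025-11-21",
    "CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization CWE-94 8.8 High2026-01-21",
]

# CVE ID, free-text title, CWE, then either "--" (no score, no severity) or
# "<score> <Severity|->", then the ISO date. Label and date may be fused
# ("High2026-06-22"), so the whitespace before the date is optional.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<title>.+?)\s+"
    r"(?P<cwe>CWE-\d+)\s*"
    r"(?:(?P<score>\d{1,2}\.\d)\s*(?P<sev>Critical|High|Medium|Low|-)|--)\s*"
    r"(?P<date>\d{4}-\d{2}-\d{2})$"
)


@dataclass
class Advisory:
    cve: str
    title: str
    cwe: str
    score: Optional[float]    # None when the page shows no CVSS score
    severity: Optional[str]   # page label, or derived from the score
    published: date


def severity_from_score(score: float) -> str:
    """CVSS v3.x qualitative rating bands."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "None"


def parse_rows(rows):
    """Parse flattened advisory rows; fail loudly on a row that does not fit."""
    entries = []
    for row in rows:
        m = ROW_RE.match(row.strip())
        if m is None:
            raise ValueError(f"unparseable advisory row: {row!r}")
        score = float(m["score"]) if m["score"] else None
        severity = m["sev"] if m["sev"] and m["sev"] != "-" else None
        if severity is None and score is not None:
            severity = severity_from_score(score)  # label missing, score present
        entries.append(Advisory(m["cve"], m["title"], m["cwe"], score, severity,
                                date.fromisoformat(m["date"])))
    return entries


def by_cwe(entries):
    """Map CWE -> (number of CVEs, highest CVSS score, or None if all unscored)."""
    summary = {}
    for e in entries:
        count, best = summary.get(e.cwe, (0, None))
        if e.score is not None and (best is None or e.score > best):
            best = e.score
        summary[e.cwe] = (count + 1, best)
    return summary


def triage(entries, min_score=7.0):
    """Return (actionable, unscored): CVE IDs scoring >= min_score, highest first,
    and CVE IDs with no score, which need manual review rather than being ignored."""
    scored = sorted((e for e in entries if e.score is not None),
                    key=lambda e: (-e.score, e.cve))
    actionable = [e.cve for e in scored if e.score >= min_score]
    unscored = [e.cve for e in entries if e.score is None]
    return actionable, unscored


if __name__ == "__main__":
    advisories = parse_rows(SAMPLE_ROWS)
    for cwe, (count, best) in sorted(by_cwe(advisories).items()):
        print(f"{cwe:<9} {count} CVE(s), max CVSS {best if best is not None else 'n/a'}")
    actionable, unscored = triage(advisories)
    print("patch first:", ", ".join(actionable))
    print("unscored, review manually:", ", ".join(unscored))
```

Run it directly to print the per-CWE summary and the two triage lists; to cover the whole table, paste its rows into `SAMPLE_ROWS` one per line. A row that does not match the pattern raises instead of being skipped, so a change in the export format shows up as an error rather than as a silently shorter list, and unscored entries are reported separately so a missing score is never mistaken for a low one.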
