EUVD-2026-38407

🗓️ 22 Jun 2026 22:20:10Reported by EUVDType

vLLM 0.22.0 fixes revision pinning gaps that allow unpinned artifacts, ensuring only reviewed revisions are used.

Reporter	Title	Published	Views	Family All 12
ATTACKERKB	CVE-2026-47155	22 Jun 202622:20	–	attackerkb
Circl	CVE-2026-47155	23 Jun 202601:10	–	circl
CVE	CVE-2026-47155	22 Jun 202622:20	–	cve
Cvelist	CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors	22 Jun 202622:20	–	cvelist
Github Security Blog	vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors	10 Jun 202617:11	–	github
NVD	CVE-2026-47155	22 Jun 202623:16	–	nvd
OSV	GHSA-3WW4-5JV9-J5GM vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors	10 Jun 202617:11	–	osv
OSV	MINI-265M-796R-J4H6	11 Jun 202616:20	–	osv
OSV	MINI-4GX2-8QXV-64X8	11 Jun 202616:20	–	osv
OSV	MINI-9M3H-GJV4-V4J8	11 Jun 202616:24	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "bf731584-c99e-3fd5-8d8a-cd991cbd12cc",
        "vendor": {
          "name": "vllm-project"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "95750742-b7d8-3c86-8987-4acc56a1b176",
        "product": {
          "name": "vllm",
          "vendor": {
            "name": "vllm-project"
          }
        },
        "product_version": "< 0.22.0"
      }
    ]
  }
]

Source	Link
github	www.github.com/vllm-project/vllm/security/advisories/GHSA-3ww4-5jv9-j5gm
github	www.github.com/vllm-project/vllm/pull/42616
github	www.github.com/vllm-project/vllm/commit/d26a28ab033697f55a1414b5b0435de7cd6045b6
huntr	www.huntr.com/bounties/3f1e24c0-87d2-4f6c-a705-820f380879ac

22 Jun 2026 22:20Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.5

EPSS0.00014