3 matches found
CVE-2026-25960
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker can exploit this Server-Side Request Forgery SSRF bypass vulnerability in the loadfromurlasync method. The flaw occurs because the URL validation and the actual HTTP request handling use...
CVE-2026-25960
creationtimestamp| type| source ---|---|--- 2026-03-09 21:10:06+00:00| seen| https://gist.github.com/alon710/4d9727ddef862a1e929678af12c10073 2026-03-18 20:40:10+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mhedumkaze2q...
CVE-2026-25960
vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...