2 matches found
CVE-2026-55514 vLLM denial of service via prompt embeds on M-RoPE models
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...
CVE-2026-55514
CVE-2026-55514 affects the vLLM library (inference/serving) from versions 0.12.0 through older than 0.24.0. Sending a pure prompt embeds payload in a /v1/completions request for a model using M-RoPE triggers an EngineCore assertion, causing a fatal crash that shuts down the entire server applicat...