Lucene search
K

4 matches found

CVE
CVE
added 2026/06/22 10:18 p.m.39 views

CVE-2026-41523

vLLM prior to 0.22.0 is affected by an assert-based security check in the activation function loading that can permit arbitrary code execution when a malicious HuggingFace model is loaded and vLLM runs in Python optimized mode. The attacker-controlled inputs are the activation function names from...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 10:18 p.m.5 views

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS6.5AI score0.00484EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/22 10:18 p.m.30 views

CVE-2026-41523 vLLM: Security Check Bypass via assert Statement in Activation Function Loading Allows Arbitrary Code Execution

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, an assert-based security check in vLLM's activation function loading allows any unauthenticated attacker to achieve arbitrary code execution on the server by publishing a malicious HuggingFace model, when vLL...

7.5CVSS0.00484EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.15 views

PT-2026-50140

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.22.0 Description An assert-based security check in the activation function loading process allows an unauthenticated attacker to achieve arbitrary code execution on the server. This occurs when vLLM is run in Python...

7.5CVSS7.4AI score0.00484EPSS
Exploits1References19
Rows per page
Query Builder