28 matches found
CVE-2026-47117
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
CVE-2026-47117
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
CVE-2026-47117 OpenMed < 1.5.2 Remote Code Execution via PII Model Loading
OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...
CVE-2026-22807
vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...
CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization
vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...
EUVD-2026-3678
vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...
CVE-2026-22807 vLLM affected by RCE via auto_map dynamic module loading during model initialization
vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.14.0, vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path ...
Arbitrary Code Injection
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the automap process during model initialization, even when trustremotecode is false. An attacker can execute arbitrary...
GHSA-2PC9-4J83-QJMR vLLM affected by RCE via auto_map dynamic module loading during model initialization
Summary vLLM loads Hugging Face automap dynamic modules during model resolution without gating on trustremotecode, allowing attacker-controlled Python code in a model repo/path to execute at server startup. --- Impact An attacker who can influence the model repo/path local directory or remote...
Remote Code Execution (RCE)
vLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe dynamic loading and execution of classes from remote repositories via the automap configuration, which allows an attacker to execute arbitrary code even when trustremotecode is disabled...
EUVD-2025-200115
vLLM vulnerable to remote code execution via transformersutils/getconfig...
GHSA-8FR4-5Q9J-M8GM vLLM vulnerable to remote code execution via transformers_utils/get_config
Summary vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with getclassfromdynamicmodule... and immediately instantiates the returned class. This...
vLLM vulnerable to remote code execution via transformers_utils/get_config
Summary vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with getclassfromdynamicmodule... and immediately instantiates the returned class. This...
CVE-2025-66448
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...
Arbitrary Code Injection
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the config class named NemotronNanoVLConfig. An attacker can execute arbitrary code on the host system by publishing a...
CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...
CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...
CVE-2025-66448
vLLM (prior to 0.11.1) contains a remote code execution vulnerability in Nemotron_Nano_VL_Config where, during model loading, an auto_map entry can cause get_class_from_dynamic_module to fetch and execute code from a remote repository, bypassing trust_remote_code checks. This can enable an attack...
CVE-2025-66448 vLLM vulnerable to remote code execution via transformers_utils/get_config
vLLM is an inference and serving engine for large language models LLMs. Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named NemotronNanoVLConfig. When vllm loads a model config that contains an automap entry, the config class resolves that mapping with...
PT-2025-48580
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.11.1 Description vLLM is an inference and serving engine for large language models LLMs. A critical issue exists in the Nemotron Nano VL Config class where remote code execution can occur. When vLLM loads a model...