
7 matches found

Veracode
added 2025/12/01 10:47 a.m. | 6 views

Denial Of Service (DoS)

vLLM is vulnerable to Denial of Service (DoS). The vulnerability is due to unrestricted Jinja template injection through the `chat_template` and `chat_template_kwargs` parameters, where crafted templates can trigger unbounded loops or heavy rendering operations, and attackers can exploit this to exhaust C...

7.3 AI score | 0.00207 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2025/11/21 2:15 a.m. | 7 views

CVE-2025-62426

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5 CVSS | 0.00319 EPSS
Exploits: 0 | References: 5
Cvelist
added 2025/11/21 1:21 a.m. | 11 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5 CVSS | 0.00319 EPSS
Exploits: 0 | References: 5
OSV
added 2025/11/20 9:26 p.m. | 1 views

GHSA-69J4-GRXJ-J64P vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary: The /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the right `chat_template_kwargs` parameters, it is possible to block processing of the API server for long...

6.5 CVSS | 6.1 AI score | 0.00319 EPSS
Exploits: 0 | References: 7
Github Security Blog
added 2025/11/20 9:26 p.m. | 9 views

vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary: The /v1/chat/completions and /tokenize endpoints allow a `chat_template_kwargs` request parameter that is used in the code before it is properly validated against the chat template. With the right `chat_template_kwargs` parameters, it is possible to block processing of the API server for long...

6.5 CVSS | 6.8 AI score | 0.00319 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
Positive Technologies
added 2025/11/20 12:0 a.m. | 6 views

PT-2025-47650

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.5.5 through 0.11.0. Description: vLLM is an inference and serving engine for large language models (LLMs). The /v1/chat/completions and /tokenize API endpoints accept a `chat_template_kwargs` request parameter that is not properly...

6.8 CVSS | 6.8 AI score | 0.00319 EPSS
Exploits: 0 | References: 17
Github Security Blog
added 2025/10/07 9:35 p.m. | 8 views

vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server

Summary: A resource-exhaustion denial-of-service vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the `chat_template` and `chat_template_kwargs` parameters. If an attacker can supply these parameters to the API, they can cause a...

6.9 AI score | 0.00207 EPSS
Exploits: 1 | References: 4 | Affected Software: 1