4 matches found
CVE-2025-62426
A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chattemplatekwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API...
CVE-2025-62426
Summary: CVE-2025-62426 affects vLLM up to versions before 0.11.1. The /v1/chat/completions and /tokenize endpoints accept a chat_template_kwargs parameter that is used before validation, allowing an attacker to block the API server by forcing large tokenization tasks and delaying all other reque...
vLLM ๅฎๅ จๆผๆด
vLLM is a high throughput and memory efficient inference and service engine for LLM from vLLM open source. A security vulnerability exists in vLLM version 0.5.5 through versions prior to 0.11.1, which stems from insufficient validation of the chattemplatekwargs parameter, and may result in API...
Allocation of Resources Without Limits or Throttling
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the chattemplate and chattemplatekwargs parameters. An attacker can cause excessive CPU...