Lucene search
K

5 matches found

NVD
NVD
added 2026/04/06 4:16 p.m.6 views

CVE-2026-34753

vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

5.4CVSS0.00246EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/06 3:36 p.m.28 views

CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

5.4CVSS0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 3:36 p.m.1 views

CVE-2026-34753 vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

vLLM is an inference and serving engine for large language models LLMs. From 0.16.0 to before 0.19.0, a server-side request forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from t...

5.4CVSS6AI score0.00246EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/03 9:51 p.m.6 views

vLLM: Server-Side Request Forgery (SSRF) in `download_bytes_from_url `

Summary A Server Side Request Forgery SSRF vulnerability in downloadbytesfromurl allows any actor who can control batch input JSON to make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, without any URL validation or domain restrictions. This can be used to target...

5.4CVSS6.1AI score0.00246EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/03 9:51 p.m.2 views

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the downloadbytesfromurl function. An attacker can cause the server to make arbitrary HTTP or HTTPS requests to...

5.4CVSS6AI score0.00246EPSS
Exploits1References2
Rows per page
Query Builder