CVE-2026-44223 vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

vLLM is an inference and serving engine for large language models LLMs. From to before 0.20.0, the extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash ...

CVE-2026-44223

vLLM contains a vulnerability (CVE-2026-44223) where the extract_hidden_states speculative decoding pathway can crash the EngineCore process if any request uses penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty). The issue arises from an incorrect tensor shape after t...

vLLM 安全漏洞

vLLM is an open-source LLM-based inference and service engine that features high throughput and efficient memory usage. Versions of vLLM prior to 0.20.0 contained a security vulnerability. This vulnerability stemmed from the extracthiddenstates speculative decoding proposal, which returned tensor...

PT-2026-38288

Name of the Vulnerable Software and Affected Versions vLLM versions 0.18.0 through 0.19.1 Description The extract hidden states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError that crashes the EngineCore process. This...

org.apache.linkis:linkis-engineplugin-seatunnel (>=1.4.0 <=1.8.0), org.apache.seatunnel:connector-console-seatunnel-e2e (>=2.3.0 <=2.3.10) +6 more potentially affected by CVE-2025-32896 via org.apache.seatunnel:seatunnel-engine-common (>=2.3.0-beta <=2.3.10)

org.apache.seatunnel:seatunnel-engine-common MAVEN version =2.3.0-beta, =1.4.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.0, =2.3.10 Source cves: CVE-2025-32896 Source advisory: OSV:GHSA-9X53-GR7P-4QF5...

airunner (>=3.0.0 <=3.1.7), athina (>=1.7.0 <=1.7.39) +29 more potentially affected by CVE-2025-1753 via llama-index-cli (>=0.1.13 <=0.4.0)

llama-index-cli PYPI version =0.1.13, =3.0.0, =1.7.0, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =1.0.9, =1.0.3.post1, =0.1.2, =0.1.7.dev20240924104148, =0.11.0, =0.11.23 - llama-index-callbacks-honeyhive =0.2.0 - llama-index-collection =0.2.0 and more Source cves: CVE-2025-1753 Source advisory:...

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1756 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: - @gnar-engine/core =1.0.1, =1.0.23 Source cves: CVE-2025-1756 Source advisory: OSV:GHSA-F5W3-73H4-JPCM...

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1691 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: - @gnar-engine/core =1.0.1, =1.0.23 Source cves: CVE-2025-1691 Source advisory: OSV:GHSA-43G5-2WR2-Q7VJ...

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1692 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: - @gnar-engine/core =1.0.1, =1.0.23 Source cves: CVE-2025-1692 Source advisory: OSV:GHSA-973H-3X6P-QG37...

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1693 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: - @gnar-engine/core =1.0.1, =1.0.23 Source cves: CVE-2025-1693 Source advisory: OSV:GHSA-R95J-4JVF-MRRW...

Remote Code Execution

velocity-engine-core is vulnerable to remote code execution. The Uberspector fails to prevent access to java.lang.ClassLoader methods and allows an attacker that is able to modify Template contents to execute arbitrary Java code or run arbitrary system commands with the same privileges as the...