CVE-2026-34756

vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

PT-2023-6953 · Docker +4 · Docker Distribution +4

Name of the Vulnerable Software and Affected Versions: distribution versions prior to 2.8.2-beta.1 Description: A flaw was found in the /v2/ catalog endpoint, which accepts a parameter to control the maximum number of records returned query string: n. This vulnerability allows a malicious user to...