2 matches found
CVE-2026-54234 vLLM: Remote DoS in vLLM via Invalid Recovered Token Reinjection
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...
CVE-2026-34760 vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models
vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before version 0.18.0, Librosa defaults to using numpy.mean for mono downmixing tomono, while the international standard ITU-R BS.775-4 specifies a weighted downmixing algorithm. This discrepancy results...