16 matches found
Server-Side Request Forgery (SSRF)
vllm is vulnerable to a Server-Side Request Forgery SSRF. The vulnerability is due to inconsistent URL parsing and hostname validation in the MediaConnector class when processing user-supplied media URLs, which allows an attacker to bypass host restrictions and coerce the vLLM server into making...
EUVD-2026-4711
vLLM vulnerable to Server-Side Request Forgery SSRF through MediaConnector...
vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector
Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process media from URLs provided by users, using different Python parsing libraries when restrictin...
CVE-2026-24779
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class, specifically within the loadfromurl and loadfromurlasync methods. An attacker can exploit differing interpretations of...
Server-side Request Forgery (SSRF)
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the MediaConnector class. An attacker can access internal network resources and cause system instability or...
CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`
vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...
CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`
vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...
vLLM code issues and vulnerabilities
vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Prior to vLLM 0.14.1, there were code-related vulnerabilities. These vulnerabilities stemmed from differences in the interpretation of backslashes by variou...
PT-2026-5029
Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.14.1 Description A Server-Side Request Forgery SSRF exists in the MediaConnector class within the multimodal feature set. The load from url and load from url async functions process media from user-provided URLs using...
Server-Side Request Forgery (SSRF)
vllm is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restrictions on user-supplied URLs in the MediaConnector class’s loadfromurl and loadfromurlasync methods, which allows an attacker to coerce the server into making arbitrary internal network requests...
GHSA-3F6C-7FW2-PPM4 vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows...
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows...
CVE-2025-6242
A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an...
CVE-2025-6242 Vllm: server side request forgery (ssrf) in mediaconnector
A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an...
vLLM 代码问题漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in vLLM that stems from insufficient restriction of the target host for user-supplied URLs in the loadfromurl and loadfromurlasync methods of the MediaConnector...
PT-2025-41177
Name of the Vulnerable Software and Affected Versions vLLM affected versions not specified Description An issue exists within the MediaConnector class in the vLLM project’s multimodal feature set. Specifically, the load from url and load from url async methods do not sufficiently restrict the...