Lucene search
K

16 matches found

Veracode
Veracode
added 2026/02/05 8:36 a.m.6 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to a Server-Side Request Forgery SSRF. The vulnerability is due to inconsistent URL parsing and hostname validation in the MediaConnector class when processing user-supplied media URLs, which allows an attacker to bypass host restrictions and coerce the vLLM server into making...

7.1CVSS5.7AI score0.00528EPSS
Exploits1References15Affected Software1
EUVD
EUVD
added 2026/01/28 4:14 p.m.7 views

EUVD-2026-4711

vLLM vulnerable to Server-Side Request Forgery SSRF through MediaConnector...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/01/28 4:14 p.m.17 views

vLLM vulnerable to Server-Side Request Forgery (SSRF) through MediaConnector

Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process media from URLs provided by users, using different Python parsing libraries when restrictin...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/28 3:7 a.m.7 views

CVE-2026-24779

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class, specifically within the loadfromurl and loadfromurlasync methods. An attacker can exploit differing interpretations of...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References6
Snyk
Snyk
added 2026/01/27 10:49 p.m.2 views

Server-side Request Forgery (SSRF)

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the MediaConnector class. An attacker can access internal network resources and cause system instability or...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References2
OSV
OSV
added 2026/01/27 10:1 p.m.4 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

7.1CVSS5.9AI score0.00528EPSS
Exploits1References16
Cvelist
Cvelist
added 2026/01/27 10:1 p.m.27 views

CVE-2026-24779 vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`

vLLM is an inference and serving engine for large language models LLMs. Prior to version 0.14.1, a Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods obtain and process...

7.1CVSS0.00528EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.9 views

vLLM code issues and vulnerabilities

vLLM is an open-source solution designed for LLM-based models, featuring high throughput and memory-efficient reasoning and service engines. Prior to vLLM 0.14.1, there were code-related vulnerabilities. These vulnerabilities stemmed from differences in the interpretation of backslashes by variou...

7.1CVSS6.8AI score0.00528EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.5 views

PT-2026-5029

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.14.1 Description A Server-Side Request Forgery SSRF exists in the MediaConnector class within the multimodal feature set. The load from url and load from url async functions process media from user-provided URLs using...

7.1CVSS6.8AI score0.00528EPSS
Exploits1References29
Veracode
Veracode
added 2025/11/24 3:37 p.m.5 views

Server-Side Request Forgery (SSRF)

vllm is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient restrictions on user-supplied URLs in the MediaConnector class’s loadfromurl and loadfromurlasync methods, which allows an attacker to coerce the server into making arbitrary internal network requests...

7.1CVSS7.2AI score0.00231EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/07 10:14 p.m.3 views

GHSA-3F6C-7FW2-PPM4 vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class

Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows...

7.1CVSS6.5AI score0.00231EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/07 10:14 p.m.8 views

vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class

Summary A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows...

7.1CVSS6.5AI score0.00231EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/10/07 8:15 p.m.9 views

CVE-2025-6242

A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an...

7.1CVSS0.00231EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/07 7:45 p.m.10 views

CVE-2025-6242 Vllm: server side request forgery (ssrf) in mediaconnector

A Server-Side Request Forgery SSRF vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The loadfromurl and loadfromurlasync methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an...

7.1CVSS0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/07 12:0 a.m.6 views

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A code issue vulnerability exists in vLLM that stems from insufficient restriction of the target host for user-supplied URLs in the loadfromurl and loadfromurlasync methods of the MediaConnector...

7.1CVSS6.6AI score0.00231EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/07 12:0 a.m.5 views

PT-2025-41177

Name of the Vulnerable Software and Affected Versions vLLM affected versions not specified Description An issue exists within the MediaConnector class in the vLLM project’s multimodal feature set. Specifically, the load from url and load from url async methods do not sufficiently restrict the...

7.1CVSS6.6AI score0.00231EPSS
Exploits0References17
Rows per page
Query Builder