2 matches found
Remote Code Execution (RCE)
vLLM is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the use of Python’s pickle module on untrusted data received over a ZeroMQ SUB socket in multi-node deployments using the V0 engine, which allows an attacker to execute arbitrary code on the target machine and potentiall...
Denial Of Service (DoS)
vLLM is vulnerable to Denial of Service (DoS). The vulnerability is due to improper ZeroMQ socket binding caused by the XPUB socket being bound to all interfaces without access control in multi-node deployments, which allows an attacker to connect to the socket and either receive internal data or...