2 matches found
CVE-2026-48746
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. This vulnerability, residing in ASGI web servers and Starlette's trust in them, allows an attacker to bypass the OpenAI API Authentication Middleware. This bypass enables unauthorized access to the API witho...
CVE-2026-34756 vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
vLLM is an inference and serving engine for large language models LLMs. From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...