16 matches found

Snyk
added 2026/05/26 2:43 p.m. | 4 views

Improper Resource Shutdown or Release

Overview: vllm is a high-throughput and memory-efficient inference and serving engine for LLMs. Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the OpenAI-compatible Serving Path component. An attacker can cause the service to become unavailable by...

CVSS 6.9 | AI score 6.1 | EPSS 0.00075
Exploits: 0 | References: 2

NVD
added 2026/05/26 2:16 p.m. | 7 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVSS 6.9 | EPSS 0.00075
Exploits: 0 | References: 7

CVE
added 2026/05/26 10:30 a.m. | 8 views

CVE-2026-9540

CVE-2026-9540 affects vllm-project vllm 0.19.0, specifically an issue in the OpenAI-compatible Serving Path that allows remote manipulation leading to a denial of service. The vulnerability’s exploitation is described as publicly available, with a pull request to fix it awaiting acceptance. CVSS ...

CVSS 6.9 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 7

Cvelist
added 2026/05/26 10:30 a.m. | 30 views

CVE-2026-9540 vllm-project vllm OpenAI-compatible Serving Path denial of service

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVSS 6.9 | EPSS 0.00075
Exploits: 0 | References: 7

ATTACKERKB
added 2026/05/26 10:30 a.m. | 5 views

CVE-2026-9540

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVSS 6.9 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 7 | Affected Software: 1

EUVD
added 2026/05/26 10:30 a.m. | 5 views

EUVD-2026-31810

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVSS 6.9 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 7

Positive Technologies
added 2026/05/26 12:0 a.m. | 4 views

PT-2026-43245

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVSS 6.9 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 8

CNNVD
added 2026/05/26 12:0 a.m. | 4 views

vLLM Security Vulnerability

vLLM is an open-source high-throughput, memory-efficient inference and serving solution for LLMs. Version vLLM 0.19.0 contains a security vulnerability. This vulnerability stems from unknown handling operations in the OpenAI-compatible Serving Path...

CVSS 6.9 | AI score 6 | EPSS 0.00075
Exploits: 0 | References: 7

Vulnrichment
added 2026/05/05 4:0 p.m. | 3 views

CVE-2026-7846 chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

CVSS 2.6 | AI score 5.1 | EPSS 0.00027
Exploits: 0 | References: 6

CVE
added 2026/05/05 4:0 p.m. | 8 views

CVE-2026-7846

Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.

CVSS 2.6 | AI score 5.1 | EPSS 0.00027
Exploits: 0 | References: 6

RedhatCVE
added 2026/04/06 8:33 p.m. | 2 views

CVE-2026-34756

A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a...

CVSS 6.5 | AI score 7.1 | EPSS 0.00049
Exploits: 0 | References: 6

CVE
added 2026/04/06 3:40 p.m. | 9 views

CVE-2026-34756

CVE-2026-34756 affects vLLM OpenAI-compatible API server prior to 0.19.0. The root cause is missing upper-bound validation on the n parameter in ChatCompletionRequest/CompletionRequest, allowing an unauthenticated attacker to send an astronomically large n value that causes the asyncio event loop...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/04/06 3:40 p.m. | 2 views

EUVD-2026-19351

vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lack of an upper bound validation on the n parameter in the ChatCompletionRequest and CompletionReques...

CVSS 6.5 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 3

OSV
added 2025/10/07 9:35 p.m. | 2 views

GHSA-6FVQ-23CW-5628 vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server

Summary: A resource-exhaustion denial-of-service vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the chat_template and chat_template_kwargs parameters. If an attacker can supply these parameters to the API, they can cause a...

CVSS 6.5 | AI score 6.9
Exploits: 1 | References: 4

GitHub Security Blog
added 2025/04/15 9:21 p.m. | 25 views

vLLM vulnerable to Denial of Service by abusing xgrammar cache

Impact: This report is to highlight a vulnerability in XGrammar, a library used by the structured output feature in vLLM. The XGrammar advisory is here: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3. The xgrammar library is the default backend used by vLLM to support...

AI score 6.8
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/03/19 4:15 p.m. | 0 views

PYSEC-2025-223

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. The outlines library is one of the backends used by vLLM to support structured output (a.k.a. guided decoding). Outlines provides an optional cache for its compiled grammars on the local filesystem. This cache has...

CVSS 6.5 | AI score 6.6 | EPSS 0.00658
Exploits: 0 | References: 3