26 matches found
CVE-2026-62186
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...
CVE-2026-54033 LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...
CVE-2026-54033
LibreChat exposes an SSRF risk in its baseURL handling: prior to version 0.8.4-rc1, an authenticated user could set a custom OpenAI-compatible API endpoint baseURL and have requests constructed without SSRF validation (no private IP check, no scheme restriction, no DNS pinning). This allowed dire...
EUVD-2026-39460
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme...
CVE-2026-5497
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...
EUVD-2026-36217
vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory OOM Denial of Service DoS attack due to unbounded frame count processing in the VideoMediaIO.loadbase64 method. When processing video/jpeg data URLs, the method splits the base64 data string on commas to extract individual JPEG fram...
CVE-2026-5497
CVE-2026-5497 affects vLLM 0.8.0 and later, where VideoMediaIO.load_base64() can perform unbounded frame processing for video/jpeg data URLs, leading to an Out-of-Memory DoS. An attacker can craft a single API request with thousands of comma-separated base64 JPEG frames, causing the server to dec...
CVE-2026-9540
A flaw was found in vllm-project vllm, specifically within its OpenAI-compatible Serving Path. A remote attacker could exploit this vulnerability by manipulating certain processing, leading to a denial of service DoS. This could make the affected service unavailable to legitimate users. The issue...
GHSA-98F3-HWG4-4RF7 vllm has Improper Resource Shutdown or Release
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
Improper Resource Shutdown or Release
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the OpenAI-compatible Serving Path component. An attacker can cause the service to become unavailable by...
CVE-2026-9540
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
EUVD-2026-31810
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2026-9540
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2026-9540 vllm-project vllm OpenAI-compatible Serving Path denial of service
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2026-9540
CVE-2026-9540 affects vllm-project vllm 0.19.0, specifically an issue in the OpenAI-compatible Serving Path that allows remote manipulation leading to a denial of service. The vulnerability’s exploitation is described as publicly available, with a pull request to fix it awaiting acceptance. CVSS ...
CVE-2026-9540 vllm-project vllm OpenAI-compatible Serving Path denial of service
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
vLLM 安全漏洞
vLLM is an open-source solution designed for LLM-based models, featuring high throughput and efficient memory usage for reasoning and services. Version vLLM 0.19.0 contains a security vulnerability. This vulnerability stems from unknown handling operations in the OpenAI-compatible Serving Path...
PT-2026-43245
A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...
CVE-2026-7846 chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...
CVE-2026-7846
Technical details beyond the provided description are not publicly available in the supplied documents. Monitor for updates.