2 matches found
PYSEC-2026-568 vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recvobject deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer perspective...
GHSA-PGR7-MHP5-FGJP vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recvobject deserializes received object bytes using pickle.loads without sanitization, leading to a remote code execution vulnerability. Maintainer perspective...