5 matches found
CVE-2026-5497
A flaw was found in vLLM. An attacker can exploit this vulnerability by sending a specially crafted API request containing an excessive number of base64-encoded JPEG frames within a data URL. This unbounded processing of frames in the VideoMediaIO.loadbase64 method leads to an Out-of-Memory OOM...
CVE-2026-7141
A flaw was found in vllm. A remote attacker can exploit a vulnerability in the hasmambalayers function within the KV Block Handler component. By performing a specific manipulation, an uninitialized resource can be triggered, potentially leading to information disclosure or denial of service. The...
CVE-2026-34756
A flaw was found in vLLM, an inference and serving engine for large language models LLMs. An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request with an excessively large 'n' parameter to the vLLM OpenAI-compatible API server. This can lead to a...
CVE-2026-34753
A flaw was found in vLLM. This server-side request forgery SSRF vulnerability allows an attacker who can control batch input JSON to force the vLLM batch runner to make arbitrary HTTP/HTTPS requests from the server. This can be exploited to access internal services, such as cloud metadata endpoin...
CVE-2025-29770
A flaw was found in vLLM. This vulnerability can allow Denial of Service via filesystem exhaustion. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicabilit...