CVE-2026-4944 Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

CVE-2026-4944

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

PT-2026-44487

vllm-project/vllm version 0.14.1 contains a vulnerability where the trust remote code=True parameter is hardcoded in two model implementation files vllm/model executor/models/nemotron vl.py and vllm/model executor/models/kimi k25.py. This bypasses the user's explicit --trust-remote-code=False...

EUVD-2026-31810

A vulnerability was identified in vllm-project vllm 0.19.0. This issue affects some unknown processing of the component OpenAI-compatible Serving Path. Such manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit is publicly available and might be used...

CVE-2025-48944

vLLM is an inference and serving engine for large language models LLMs. In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI endpoint fails to validate unexpected or malformed input in the "pattern" and "type" fields when the tools functionality ...

CVE-2025-46722 vLLM has a Weakness in MultiModalHasher Image Hashing Implementation

vLLM is an inference and serving engine for large language models LLMs. In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has a security and data integrity issue in its image hashing method. Currently, it serializes PIL.Image.Image...

CVE-2025-47277

vLLM (versions 0.6.5–0.8.4) is affected only when using the PyNcclPipe KV cache transfer integration with the V0 engine. The issue stems from the PyTorch TCPStore binding defaulting to ALL interfaces; a workaround constrained the store to a private interface, and as of version 0.8.5 vLLM now bind...

vLLM Deserialization of Untrusted Data vulnerability

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

PYSEC-2025-222

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...

CVE-2024-11040

...

CVE-2024-11040

...

CVE-2024-11041 Remote Code Execution in vllm-project/vllm

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

CVE-2024-9053

CVE-2024-9053 affects vllm-project/vllm 0.6.0, specifically the AsyncEngineRPCServer entrypoints. The run_server_loop() path calls _make_handler_coro() which uses cloudpickle.loads() on received messages without sanitization, enabling remote code execution via deserialization of untrusted data (n...

CVE-2024-9053 Remote Code Execution in vllm-project/vllm

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...

CVE-2024-9053 Remote Code Execution in vllm-project/vllm

vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...

CVE-2024-9052

...

CVE-2024-9052

...

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient reasoning and serving engine for LLM. A code issue vulnerability exists in vLLM version v0.6.2, which stems from a remote code execution vulnerability in the MessageQueue.dequeue API function...