Lucene search
K

10 matches found

NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-55646

vLLM is an inference and serving engine for large language models. From 0.22.0 to 0.23.0, the /v1/audio/transcriptions and /v1/audio/translations routes call request.file.read to fully materialize an uploaded audio file into memory before vLLM checks the documented VLLMMAXAUDIOCLIPFILESIZEMB...

6.5CVSS0.00289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.7 views

CVE-2025-71379

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/20 6:27 p.m.20 views

CVE-2025-71379

CVE-2025-71379 affects vLLM versions 0.6.3 through 0.8.x (before 0.9.0). The vulnerability is a set of regular expression denial of service (ReDoS) flaws in multiple components: (1) regex patterns in vllm/lora/utils.py, (2) the phi4mini tool parser, and (3) the OpenAI-compatible serving chat endp...

7.5CVSS5.9AI score0.00321EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/20 6:27 p.m.12 views

EUVD-2025-210290

vLLM versions = 0.6.3 and 0.9.0 contain multiple regular expression denial of service ReDoS vulnerabilities. Several regex patterns — in vllm/lora/utils.py, the phi4mini tool parser, and the OpenAI-compatible serving chat endpoint — are susceptible to catastrophic backtracking. An attacker...

5.3CVSS5.9AI score0.00321EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/05/26 2:43 p.m.8 views

aana (>=0.2.1 <=0.2.2.2), acai-swarm (=0.1.0) +218 more potentially affected by CVE-2026-9540 via vllm (>=0.10.0 <=0.9.2)

vllm PYPI version =0.10.0, =0.2.1, =1.2.1, =0.0.0, =2.3.5, =0.0.7, =0.0.1b1, =0.1.15, =0.2.4, =1.0.0, =1.0.14 and more Source cves: CVE-2026-9540 Source advisory: SNYK:PYTHON-VLLM-16887889...

6.9CVSS5.8AI score0.00427EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/06 9:45 p.m.10 views

vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters

Summary The extracthiddenstates speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.6 views

PT-2026-3865

Name of the Vulnerable Software and Affected Versions vLLM versions 0.10.1 through 0.13.x Description vLLM is an inference and serving engine for large language models LLMs. The software loads Hugging Face auto map dynamic modules during model resolution without verifying trust remote code. This...

9.8CVSS7.5AI score0.00737EPSS
Exploits1References36
Positive Technologies
Positive Technologies
added 2025/05/28 12:0 a.m.4 views

PT-2025-23227 · Vllm · Vllm

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.8.0 through 0.8.x Description: The issue is a Denial of Service ReDoS that causes the vLLM server to crash if an invalid regex is provided while using structured output. This is similar to a previously identified issue, but it...

6.5CVSS6AI score0.004EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2025/04/29 12:0 a.m.3 views

PT-2025-18215

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.2 through 0.8.5 Description The issue affects vLLM, a high-throughput and memory-efficient inference and serving engine for LLMs. In a multi-node vLLM deployment, vLLM uses ZeroMQ for some multi-node communication purposes,...

7.5CVSS7.1AI score0.00505EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.4 views

PT-2025-6000 · Vllm +1 · Vllm +1

Name of the Vulnerable Software and Affected Versions: vLLM versions prior to 0.7.2 Description: Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. The issue arises from the use of...

2.6CVSS3.4AI score0.00184EPSS
Exploits0References15
Rows per page
Query Builder