CVE-2026-22773

Medium CVSS: 6.5

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimension mismatch that results in an unhandled runtime error, leading to complete server termination. This issue has been patched in version 0.12.0.

Vendor

Vllm

Product

Vllm

CWE

CWE-770

Yayın Tarihi

2026-01-10 07:16:03

Güncelleme

2026-01-27 21:03:47

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-770 Vllm MEDIUM Vllm 2026

Referanslar

https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr

Benzer Kayıtlar

High

CVE-2026-27893

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio…

High

CVE-2026-25960

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add…

Critical

CVE-2026-22778

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid i…

High

CVE-2026-24779

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request…

High

CVE-2026-22807

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio…

High

CVE-2025-66448

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote co…