CVE-2026-22778

Critical CVSS: 9.8

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

Vendor

Vllm

Product

Vllm

CWE

CWE-532

Yayın Tarihi

2026-02-02 23:16:06

Güncelleme

2026-02-23 18:19:12

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-532 Vllm CRITICAL Vllm 2026

Referanslar

https://github.com/vllm-project/vllm/pull/31987 https://github.com/vllm-project/vllm/pull/32319 https://github.com/vllm-project/vllm/releases/tag/v0.14.1 https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv

Benzer Kayıtlar

High

CVE-2026-27893

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio…

High

CVE-2026-25960

vLLM is an inference and serving engine for large language models (LLMs). The SSRF protection fix for CVE-2026-24779 add…

High

CVE-2026-24779

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request…

High

CVE-2026-22807

vLLM is an inference and serving engine for large language models (LLMs). Starting in version 0.10.1 and prior to versio…

Medium

CVE-2026-22773

vLLM is an inference and serving engine for large language models (LLMs). In versions from 0.6.4 to before 0.12.0, users…

High

CVE-2025-66448

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote co…