Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Vllm Project
Vllm

vllm-project vllm Vulnerabilities: CVEs, CISA KEV & Security Advisories

37 CVEs

vllm-project vllm Vulnerabilities

CVE security advisories and vulnerability history for vllm by vllm-project.

37

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

9

Public exploits

With known exploit

7.1

Avg CVSS

2024–2026

Last updated May 26, 2026

Overview

vllm-project vllm has 37 published CVE records since 2024, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 9 have a known public exploit. The average CVSS base score across scored CVEs is 7.1.

This page aggregates every publicly disclosed vulnerability (CVE) affecting vllm-project vllm, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of vllm-project vllm's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical6

High12

Medium17

Low2

In CISA’s Known Exploited Vulnerabilities catalog

0

None of vllm-project vllm's CVEs are currently listed in CISA's KEV catalog.

Public exploits

9

9 of vllm-project vllm's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every vllm-project vllm version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

Fixed in

58738772410c5e0d60b61db39538a9b313d2d7ad6 CVEs
439368496db48d8f992ba8c606a0c0b1eebbfa694 CVEs
ba41cc90e8ef7f236347b2f1599eec2cbb9e1f0d4 CVEs
966f933ee1cd7c9a41db60de5c7ff986570052512 CVEs
d7de043d55d1dd629554467e23874097e1c489932 CVEs
0408efc6d0c17fba17b2be38d0d0f02e96d2bf9d1 CVE
1da94e673c257373280026f75ceb4effac80e8921 CVE
4c347044c90da878c9bacb33aaf6cba0fc01dd7c1 CVE
4fd9d6a85c00ac0186aa9abbeff73fc2ac6c721e1 CVE
5204ff5c3feeb96e8a6eea65dfcb78395f90d4d81 CVE
b17039bccc17b94a2ea107272ad7bc93508708df

Find a version

37 CVEs

Sort

vllm-project vllm OpenAI-compatible Serving Path denial of service
CVE-2026-9540
Public exploit
Patch
CWE-404
Medium · CVSS 6.9
EPSS 0.1% (23th pct)2026-05-26
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
CVE-2026-44223
Public exploit
Patch
CWE-704
Medium · CVSS 6.5
EPSS 0.0% (3th pct)2026-05-12
vLLM: Remote DoS via Special-Token Placeholders
CVE-2026-44222
Patch
CWE-129
Medium · CVSS 6.5
EPSS 0.0% (3th pct)2026-05-12
vLLM Affected by Unauthenticated OOM Denial of Service via Unbounded `n` Parameter in OpenAI API Server
CVE-2026-34756
Patch
CWE-770
Medium · CVSS 6.5
EPSS 0.0% (16th pct)2026-04-06
vLLM Affected by Denial of Service via Unbounded Frame Count in video/jpeg Base64 Processing
CVE-2026-34755
Patch
CWE-770
Medium · CVSS 6.5
EPSS 0.1% (17th pct)2026-04-06
vLLM affected by Server-Side Request Forgery (SSRF) in `download_bytes_from_url `
CVE-2026-34753
Patch
CWE-918
Medium · CVSS 5.4
EPSS 0.0% (15th pct)2026-04-06
vLLM: Downmix Implementation Differences as Attack Vectors Against Audio AI Models
CVE-2026-34760
Patch
CWE-20
Medium · CVSS 5.9
EPSS 0.1% (23th pct)2026-04-02
vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out
CVE-2026-27893
Patch
CWE-693
High · CVSS 8.8
EPSS 0.0% (15th pct)2026-03-26
SSRF Protection Bypass in vLLM
CVE-2026-25960
Patch
CWE-918
High · CVSS 7.1
EPSS 0.0% (8th pct)2026-03-09
vLLM leaks a heap address when PIL throws an error
CVE-2026-22778
Patch
CWE-532
Critical · CVSS 9.8
EPSS 0.1% (28th pct)2026-02-02
vLLM vulnerable to Server-Side Request Forgery (SSRF) in `MediaConnector`
CVE-2026-24779
Public exploit
Patch
CWE-918
High · CVSS 7.1
EPSS 0.0% (12th pct)2026-01-27
vLLM affected by RCE via auto_map dynamic module loading during model initialization
CVE-2026-22807
Patch
CWE-94
High · CVSS 8.8
EPSS 0.0% (9th pct)2026-01-21
vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions
CVE-2026-22773
Patch
CWE-770
Medium · CVSS 6.5
EPSS 0.0% (7th pct)2026-01-10
vLLM vulnerable to remote code execution via transformers_utils/get_config
CVE-2025-66448
Patch
CWE-94
High · CVSS 7.1
EPSS 0.0% (14th pct)2025-12-01
vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs
CVE-2025-62372
Patch
CWE-129
High · CVSS 8.3
EPSS 0.1% (25th pct)2025-11-21
vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`
CVE-2025-62426
Patch
CWE-770
Medium · CVSS 6.5
EPSS 0.1% (25th pct)2025-11-21
VLLM deserialization vulnerability leading to DoS and potential RCE
CVE-2025-62164
Patch
CWE-787
High · CVSS 8.8
EPSS 0.2% (41th pct)2025-11-21
vLLM vulnerable to timing attack at bearer auth
CVE-2025-59425
Patch
CWE-385
High · CVSS 7.5
EPSS 0.3% (54th pct)2025-10-07
vLLM API endpoints vulnerable to Denial of Service Attacks
CVE-2025-48956
Patch
CWE-400
High · CVSS 7.5
EPSS 0.3% (54th pct)2025-08-21
vLLM Tool Schema allows DoS via Malformed pattern and type Fields
CVE-2025-48944
Public exploit
Patch
CWE-20
Medium · CVSS 6.5
EPSS 0.3% (55th pct)2025-05-30
vLLM allows clients to crash the openai server with invalid regex
CVE-2025-48943
Patch
CWE-248
Medium · CVSS 6.5
EPSS 0.2% (47th pct)2025-05-30
vLLM DOS: Remotely kill vllm over http with invalid JSON schema
CVE-2025-48942
Public exploit
Patch
CWE-248
Medium · CVSS 6.5
EPSS 0.2% (44th pct)2025-05-30
vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`
CVE-2025-48887
Public exploit
Patch
CWE-1333
Medium · CVSS 6.5
EPSS 0.3% (57th pct)2025-05-30
vLLM has a Weakness in MultiModalHasher Image Hashing Implementation
CVE-2025-46722
Patch
CWE-1288
Medium · CVSS 4.2
EPSS 0.2% (46th pct)2025-05-29
vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel
CVE-2025-46570
Patch
CWE-208
Low · CVSS 2.6
EPSS 0.2% (39th pct)2025-05-29
vLLM Allows Remote Code Execution via PyNcclPipe Communication Service
CVE-2025-47277
Patch
CWE-502
Critical · CVSS 9.8
EPSS 0.9% (76th pct)2025-05-20
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
CVE-2025-30165
Patch
CWE-502
High · CVSS 8.0
EPSS 0.4% (63th pct)2025-05-06
vLLM Vulnerable to Remote Code Execution via Mooncake Integration
CVE-2025-32444
Patch
CWE-502
Critical · CVSS 10.0
EPSS 2.5% (86th pct)2025-04-30
vLLM phi4mm: Quadratic Time Complexity in Input Token Processing leads to denial of service
CVE-2025-46560
Public exploit
Patch
CWE-1333
Medium · CVSS 6.5
EPSS 0.6% (69th pct)2025-04-30
Data exposure via ZeroMQ on multi-node vLLM deployment
CVE-2025-30202
Patch
CWE-770
High · CVSS 7.5
EPSS 0.4% (64th pct)2025-04-30

Showing 30 of 37

Common weakness types

The CWE weakness categories most often found in vllm-project vllm CVEs. Follow any weakness for its full explanation.

CWE-502Deserialization of Untrusted Data7 CVEs
CWE-770Allocation of Resources Without Limits or Throttling6 CVEs
CWE-918Server-Side Request Forgery (SSRF)3 CVEs
CWE-248Uncaught Exception2 CVEs
CWE-129Improper Validation of Array Index2 CVEs
CWE-1333Inefficient Regular Expression Complexity2 CVEs
CWE-20Improper Input Validation2 CVEs
CWE-400Uncontrolled Resource Consumption2 CVEs

Disclosure activity by year

How many vllm-project vllm CVEs were published each year.

2024

1

2025

23

2026

13

Other vllm-project products

Browse vulnerabilities for other products by vllm-project.

vllm-project/vllm3 CVEs

All vllm-project vulnerabilities

Frequently asked questions

Common questions about vllm-project vllm vulnerabilities.

How many CVEs does vllm-project vllm have?

vllm-project vllm has 37 published CVE records since 2024.

How many vllm-project vllm CVEs are in CISA KEV?

None of vllm-project vllm's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for vllm-project vllm vulnerabilities?

Yes — 9 of vllm-project vllm's CVEs have a known public exploit.

Which versions of vllm-project vllm are affected?

98 distinct vllm-project vllm versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in vllm-project vllm CVEs?

vllm-project vllm's CVEs most often map to these CWE weakness types: CWE-502 (Deserialization of Untrusted Data), CWE-770 (Allocation of Resources Without Limits or Throttling), CWE-918 (Server-Side Request Forgery (SSRF)), CWE-248 (Uncaught Exception).

How many critical vllm-project vllm vulnerabilities are there?

vllm-project vllm has 6 critical and 12 high-severity CVEs.

What is the average severity of vllm-project vllm CVEs?

The average CVSS base score across vllm-project vllm's scored CVEs is 7.1.

References

All vllm-project vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track vllm-project vllm vulnerabilities

Monitor new vllm-project vllm vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References

1 CVE

b31e9326a7d9394aab8c767f8ebe225c65594b601 CVE

bcf2be96120005e9aea171927f85055a6a5c0cf61 CVE