CVE-2026-22778

EPSS 3.28%
Veröffentlicht 02.02.2026 23:16:06
Zuletzt bearbeitet 23.02.2026 18:19:12
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

vLLM leaks a heap address when PIL throws an error

vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vllm ≫ Vllm Version >= 0.8.3 < 0.14.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.28%	0.868

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/vllm-project/vllm/pull/31987

Patch

Issue Tracking

https://github.com/vllm-project/vllm/pull/32319

Patch

Issue Tracking

https://github.com/vllm-project/vllm/releases/tag/v0.14.1

Release Notes

https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-22778

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-22778

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-22778

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-22778